Safeguarding the Enterprise IFSEC - Webinar October 4th 2012
Safeguarding the Enterprise: a new approach
Sanjay Sahay,
IG, Karnataka
Why?
Physical Security
Safeguarding of Data
Structure of the Presentation
• Definition of a Safeguarded Enterprise
• New approach – Gartner White Paper
• Goals
• Security risks and key success factors
• Security Architecture
• Data Center, Connectivity and Application
• Application Data Security Lifecycle
• Security Information and Event Management
• Single Sign On
• The future – Cloud Computing
• Conclusion
What is a Safeguarded Enterprise?
Safeguarded Enterprise is the sum total of a clear-cut
perception, appropriate/integrated planning,
documentation, meticulous execution and
dynamic/robust maintenance of enterprise security
policy at awareness, attitudinal, physical, systems,
processes, application and data dimensions throughout
the enterprise, creating a near fail-safe enterprise.
Sanjay Sahay
Security as a SILO
• Business Architecture
• Information Architecture
• Technology Architecture
• Security
Gartner White Paper 2006
Incorporating Security into the
Enterprise Architecture
Process
Enterprise Information Security Architecture
• Business Architecture
• Information Architecture
• Security Architecture
• Technology Architecture
9/11 a watershed in modern history
Whatever Come May…
Physical Security will Always Count!
Land, Air Or Water
Goals
• Provide structure, coherence and cohesiveness
• Must enable business-to-security alignment
• Defined top-down beginning with business strategy
• Establish a common "language" for information
security within the organisation
Top 10 Enterprise Security Risks
• Email Attachments
• VPN Tunnel Vulnerabilities
• Blended Attacks
• Diversionary Tactics
• Download from Websites
• Supply Chain and Partners Added to the Network
• Microsoft’s SOAP
• Renaming Documents
• Peer-to-Peer Applications
• Music and Video Browsers
Key Success Factors of Security
Security Awareness
Application Network Security
Operating System Security
Patch and AV management
Application Security
SIEM
Security Architecture
People
Processes
Technology
People: User Awareness, Guidance, Administration, Monitor
Processes: Policies, Standards, Guidelines, Audit
Technology: IPS, Firewall, AV, DLP
SIEM
Defense in Depth
• “Defense in Depth” is a concept used to
describe layers of defense strategies
• The components at each layer work in tandem to
provide one cohesive security
mechanism
• This layered approach will also help localize the
impact if one element of the mechanism is
compromised
Data Center, Connectivity and
Application are at the core of
Enterprise Security
Data Center
• The main purpose of a data center is
running the applications that handle the core
business and operational data of the
organization
• Secure Application Usage is the Key
KSP Data Center
Secure Connectivity is the Backbone
KSP Connectivity
Application/s is at the heart of the
enterprise
The Application Data Security Lifecycle
Lifecycle stages: Assess, Set Policies/Controls, Monitor/Enforce, Measure
Assess
• Discover Servers and Data
• Test Configuration
• Evaluate Inherent Risks
• Assess how and by whom data and applications are used
Set Policies and Controls
• Set policies automatically
• Adapt to user changes
• Support granular policies and controls
Monitor and Enforce
• Ensure separation of duties
• Enforce user accountability
• Capture full details
• Alert and block in real time
Measure
• Built-in & custom reports
• Roll-up and drill-down of data
• Security event analysis
• Compliance workflow
Security Information & Event Management
• Asset Discovery
• Threat Detection
• Vulnerability Assessment
• Event Collection
• Correlation
• Event Management
• Log Storage
SIEM
SIEM is an intelligence platform that helps safeguard the
business by giving you complete visibility into activity
across the IT infrastructure
SIEM Capabilities
• Data Aggregation
• Correlation
• Alerting
• Dashboards
• Compliance
• Retention
Single Sign On
• Single Sign On, SSO, is a property of access control of multiple related, but independent software systems.
• Conversely, Single Sign Off is the property whereby the single action of signing out terminates access to multiple software systems
• More secure
• Reduces password fatigue
• Reduces time spent re-entering passwords
• Reduces IT costs: help desk calls about passwords
• Security on all levels of entry/exit/access to systems
• Centralized reporting for compliance adherence
Cloud Computing & Security
There are a number of security issues/concerns associated with cloud computing, but these issues fall into two broad categories:
• Security issues faced by cloud providers (organizations providing software-, platform- or infrastructure-as-a-service via the cloud) and security issues faced by their customers
• The provider must ensure that their infrastructure is secure and that their clients’ data and applications are protected
• The customer must ensure that the provider has taken the proper security measures to protect their information.
Virtualization
• The extensive use of virtualization in implementing cloud infrastructure brings unique security concerns for customers or tenants of a public cloud service
• Virtualization alters the relationship between the OS and underlying hardware - be it computing, storage or even networking
• This introduces an additional layer - virtualization - that itself must be properly configured, managed and secured
• Specific concerns include the potential to compromise the virtualization software, or "hypervisor". While these concerns are largely theoretical, they do exist
Conclusion
Complexity is our life and making it simple our goal.
Technology gains the highest end with simplistic products
and services. The complexity of IT security gets confounded
with innumerable applications, the processing power, the
world wide web interface, cross enterprise collaboration and
the like. Cloud computing, though in its nascent stage, has
thrown a major challenge to IT security, the success of
which would be epochal and the IT services would take a
well deserving leap forward.