e-book-automationsecurity final - cms it...cloud computing infrastructure cloud computing for...


Post on 10-Jun-2020


Page 1: E-book-AutomationSecurity Final - CMS IT...cloud computing infrastructure Cloud Computing for Businesses Cloud computing is a more utility-oriented computing platform based on capabilities

© 2017 CMS IT services Pvt.Ltd.

CONTENTS

Introduction

Cyber Crimes and Solutions

Impact of the Cloud on information security

Security threat is industry agnostic

Key reasons for cyber security automation

Automation in information security - The way forward

Conclusion

About Us


INTRODUCTION

In the current business computing environment, cyber security continues to grow as one of the top concerns for organisations. Any organization that has a computer system and sensitive information would want to protect that information. It therefore becomes important to plan for possible threats and to limit the vulnerabilities in a system through its security policies. The greatest threat to computer systems and information comes from people, and their actions that may be malicious or ignorant. These threats, which include targeted cyber attacks and data breaches, can be addressed by measures involving prevention, detection and reaction.


CYBER CRIMES AND SOLUTIONS

The importance of data security is heightened by growing volumes of data across all fronts (consumers, users, governments, businesses and other aspects of society and daily life), with new dimensions such as e-commerce adding to the data volume. The storage and safety of data resources cause enormous strain to resources, compounded by the growing threat factor and the likely loss and outcome of any breach in their security. The PWC 2016 Global State of Information Security Survey reveals that cyber security incidents have risen 38% since 2014 and theft of intellectual property grew 56% in 2015. The growing number of cyber attacks is due to an increased user base, smartphone connections, network traffic, IP connected devices and data. Gartner indicates that there will be nearly 20.8 billion devices on the internet of things (IoT) by 2020, posing new cyber security concerns.

Recent years have seen adversarial growth and innovation in cyber attacks and attackers. We have seen a dramatic surge in advanced threats and malware. Regrettably, these sophisticated attacks have proved more than a match for the reasonable security practices and procedures commonly implemented, driven as those are by compliance regimes. To handle these sophisticated attacks, security solution providers have been forced to tighten their approach, work in a more integrated fashion, and automate error-prone manual workflows to improve the response time and effectiveness against threats. Security automation allows organizations to use policy-based decisions to automate threat response, including containment and remediation. These solutions integrate multiple third-party networking, security and trouble-ticketing systems to provide endpoint and network visibility, contextual awareness, automated threat response and mitigation across the security monitoring and incident response process.


Security Threats, Events and Processes - Recent Trends

A 2016 survey by ESG and Phantom Cyber revealed that nearly 74% of the reported security events or alerts are simply ignored because their teams can’t keep up with the volume. Such situations can be overcome by integrating security automation with existing firewall and threat detection solutions.

Source: http://www.pwc.com/gsiss, ESG and Phantom Cyber

[Figure: headline statistics - proportion of reported security alerts ignored; increase in intellectual property theft in 2015; increase in cyber security events since 2014.]

[Figure: bar chart, axis 0 to 80, with the categories: Conduct penetration tests; Use threat intelligence subscription services; Have security information & event management (SIEM) tools; Conduct threat assessments; Conduct vulnerability assessments; Actively monitor & analyze information security intelligence; Have intrusion detection tools.]


In a vast country like India where technology is growing fast, it is imperative for governments, corporations and people to realize the importance and gravity of the security environment. In India, in January and February 2017 alone, 39 government websites were hacked, while the number of central and state government websites that were hacked has grown from 155 in 2014 to 164 in 2015 and 199 in 2016. It requires awareness, proper information security management, implementation and support to create the appropriate response and solutions.

[Figure: Central and State Government Websites Hacked, 2014-16, India. Three panels (2014, 2015, 2016), axis 0 to 200.]

Source: http://www.livemint.com/Politics/ayV9OMPCiNs60cRD0-Jv75I/11592-cases-of-cyber-crime-registered-in-India-in-2015-NCR.htm


Impact of the Cloud on information security

Enterprises are moving to cloud computing with the conviction that it can help them accomplish more by breaking the physical bonds between an IT infrastructure and its users. Large organizations are embracing public and private cloud computing at a rapid pace. ESG research reveals that about a third of global organizations have been using public and private cloud infrastructure for more than three years, and more than half of organizations (57%) have production workloads running on cloud computing infrastructure.

Cloud Computing for Businesses

Cloud computing is a more utility-oriented computing platform based on capabilities provided by the Internet. Such systems offer ease of use and maintenance that helps to transform IT into a utility-based model. Cloud-based systems provide users with access to various applications stored on servers in a data centre in a remote location, with the internet as the backbone. It offers other benefits such as reduced costs, reduced capital expenditure, and scalable IT infrastructure that allow businesses to focus on their key competence and business without any worry about IT. A cloud infrastructure enables companies to stay with the latest technology, deploy new projects and go live quickly with improved security, compliance and minimal carbon footprint.

Of the two types of cloud computing - public and private - the former is less expensive and more flexible while the latter delivers similar advantages to a public cloud, but it is dedicated to a single organization. Hybrid cloud is a mix of the two but the private cloud is more secure and provides the highest levels of management visibility, control, security, privacy, and physical data proximity.


Challenges of Cloud Computing

However, the cloud platform comes with a few challenges, especially in the context and choice of security model. Companies choosing the cloud model are concerned about the loss of control over physical security, especially in a public cloud, where computing resources are shared with other companies. In a shared facility outside the enterprise, companies don't have any knowledge or control of where the resources run and run the risk of data seizure if another company on the same platform has violated the law. They also run the risk of incompatibility if they decide to move from storage services provided by one cloud vendor to another vendor's services. While data integrity is paramount to a business’ interest, a common standard to ensure data integrity could be a difficult proposition on the cloud. Without the presence of a formal secure software development life cycle, the use of a combination of web services (mashup technology), which is fundamental to cloud applications, could cause unwitting security vulnerabilities in applications. The cloud also has the issue of monitoring for security and compliance, and the onus is on the cloud provider to earn the trust of customers. Companies need to plan well before moving to a cloud-based environment. They need to understand the security implications and fully understand the elements of identity management, detection and forensics, encryption, manageability, standards, governance and compliance in the specific context.


Security threat is industry agnostic

It is easy and correct to conclude that financial gain is a powerful motivator for cyber criminals but it is not the only one. Security threats have now started inflicting physical damage, stealing intellectual property and lodging political protests. Virtually no industry is immune to security threats but based on instances and events of risks and threats it is possible to conclude that some industries are targeted far more frequently than others.

Security threats and Industries

In 2015, the most targeted industries included healthcare, manufacturing, financial and government organizations around the world, a major change from that in 2014.

Rank | Industries facing most threats, 2014 | Industries facing most threats, 2015
1 | Financial Services | Healthcare
2 | Information and Communication | Manufacturing
3 | Manufacturing | Financial Services
4 | Retail/Wholesale | Government
5 | Energy and Utilities | Transportation


The specific threats include:

Healthcare - This industry features a wealth of exploitable information, with electronic health records (containing credit card data, email addresses, social security numbers, employment information and medical history records) fetching a high price on the black market. Spear phishing attacks are used to commit fraud and steal medical identities.

Manufacturing - (includes automotive, electronics, textile and pharmaceutical companies) The automotive industry has generated threat interest following the possibility of being able to remotely hack a connected car. Chemical manufacturers are also a targeted sub-industry. A cyber attack targeting the safety of a chemical plant or a connected car could be dangerous, but financial motivation seems a more attractive one in attacking corporate networks.

Financial services - This industry has managed to refine and improve its monitoring and detection capabilities over time while bolstering cyber security, in reaction to major breaches over the past several years. However, financial services businesses have increased their vulnerability through services and technology such as automated teller machines, credit cards and mobile banking apps.

Government - Agencies in this sector have become more vulnerable, with employee records, social security details and even digitized fingerprints being quite attractive targets for attacks.

Transportation - This industry serves as the backbone of world trade and is therefore vulnerable to attacks by politically motivated cyber criminals.


Pan Industry Threats

The industry determines the kind of security and regulatory compliance issues that enterprises have to tackle. They vary dramatically even though there are basic security commonalities among all types of businesses. Threats such as unauthorised access, malicious code and sustained probes and scans are amongst the most frequent and common threat incidents. Threats such as computer viruses, ransomware and other malware and the rapid growth in the use of mobile devices are common while internal security breaches can happen in any organization.

[Figure: Most Frequent Threat Incidents, 2014-15, (%) Global. Bar chart, axis 0 to 50, series 2014 and 2015, with the categories: Access or credential abuse; Suspicious activity; Sustained probes and scans; Malicious code; Unauthorised access.]

Source: https://www.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=SEP03394USEN

Ransomware has emerged as a serious threat, replacing advanced persistent threat (APT) network attacks as the most difficult to defend against. With such malware increasingly altering itself, the number of attacks is rising and even spawning a ransomware-as-a-service (RaaS) business model. This democratization of security threats has been driven by the easy availability of malicious software and infrastructure components that can be used to initiate targeted attacks.


Key reasons for cyber security automation

In a business environment security analysts are weighed down with regular tasks at a time when the volume and source of information is growing manifold and along with it the scope for security breaches. Irrespective of the number of skilled people deployed, manual handling of security tasks is too slippery a pole to climb. Cyber criminals are becoming savvier and their attacks are increasing and becoming more complicated and dangerous. It has thus become evident that traditional methods are no longer sufficient to keep sensitive data safe and cyber security strategy has to be beefed up using automation as a tool.

Why Security Automation

Automation is a powerful, effective and undeniable component of cyber security in combating the onslaught of incoming threats. Gartner has commented that by 2019, 40% of large enterprises will require specialized, automated tools to meet regulatory obligations in the event of a serious information security incident.

Some of the reasons businesses should favour automation include:

Automating cyber security can save IT professionals from the avalanche of security threats by scaling up to meet the challenge. It will also drastically reduce the time needed to investigate, report and resolve a security incident, freeing up cyber security professionals from many of the routine and repetitive tasks so that they can focus on more important and strategic security issues.

Security automation enables better preparation for incidents. It allows simulation and testing of multiple attack scenarios that result in improved incident response procedures. It also confirms that staff members are ready when an attack occurs.

Security automation can allow the capture of relevant data about the context of the incident from multiple disparate systems, such as intelligence feeds, SIEMs, Intrusion Detection and Prevention Systems (IDPS), Anti-Virus Software, File Integrity Checkers, OS, App, & Network Device Logs, Netflow, National Vulnerability Database (NVD) and Help Desk Ticketing Systems.

Security automation enables 24x7 response based on best practices. Since cyber security attacks can happen at any time, automation delivers the best response when attacks occur.

Cyber security automation enables automated playbooks that contain standardized procedures for responding to security incidents. The playbook contains orchestrated responses, bringing with it numerous benefits such as faster response, reduced human error, proper documentation and notification.


Automation in information security - The way forward

Security Automation Facets and Trends

Security automation now gains different dimensions in different contexts. It is about threat detection, the threat intelligence component, and at the larger level implies the automation of cyber security controls. Security automation now goes beyond prevention and detection technologies, reaching into other important components of IT infrastructure to reliably protect organizations. Some of the newest and most advanced trends in security automation include:

Policy execution - With networks growing more complex, managing associated security policies manually is nearly impossible. Policy execution automation, or the automation of any administrative work required of IT security, takes care of this aspect. These tools help meet internal or regulatory security requirements besides handling administrative tasks like user on-boarding or off-boarding and user lifecycle management. IT teams gain greater control over data, costs and time by automating provisioning, de-provisioning and user access.

Alert monitoring and prioritization - This tedious task was traditionally done manually and involved compiling alerts and determining which data points were important. Alert monitoring and prioritization is now automated. Behavioural analytics and machine learning have emerged as amongst the most advanced forms of automation for alert monitoring and prioritization. They don’t rely on rules and thresholds or known threats but learn what normal network behaviour looks like, immediately pinpoint any abnormal behaviour, and then statistically score the priority of each potential threat for investigation.

Incident response planning - This technology helps companies track the evolution of a security incident and coordinate the actions required to respond. Solution providers offering this help companies develop playbooks for different types of threats that can automate portions of their response. They automate workflow and enable companies to respond quickly and communicate with the appropriate internal and external contacts, adhering to regulations for topics like privacy notifications while providing a clear audit trail.

Investigation, action and remediation - This aspect of automation involves the investigation, action and remediation of a cyber threat. It involves utilizing technology to perform tasks just as a qualified cyber analyst would, to quickly find threats and shut them down before they impact operations.
All other elements of security automation - from policies, to prioritization, to planning - work towards this goal,


Who can help implement Security Automation?

Automation of IT security infrastructure can drastically increase company productivity and reduce costs. However, the success depends on the capability and skills of the vendor, service provider or partner involved in the project. Companies have to be diligent in choosing the right partner since there are several aspects of what a vendor might specialise in with regard to automation - specifically in regard to investigation, action and remediation. Some providers may address only one of those three components, while others focus on a specific task, such as automating the containment of compromised devices. There are also companies that use automation and artificial intelligence across the entire process and businesses need to be clear about the requirements.


Conclusion

With growing digitization, data security is a matter of utmost importance to every business. Threats have grown with greater flow of data across networks and security is now a matter of gaining complete control of the Internet connection while also knowing which applications, known and unknown, can be trusted to use the Internet. Business, IT and security leaders face multi-pronged challenges while leveraging the value of IT usage and implementation. In India specifically, the challenges in the domain of information security are set to rise as the country has now unveiled its projects such as Digital India mission, Smart cities, GST, and digital transactions.

In a scenario of widespread usage of SMACI (Social, Mobile, Analytics, Cloud and Internet of things) and an expanding business eco-system, new security threat vectors hamper enterprise operations. As a result, businesses are increasingly demanding business service SLAs beyond traditional IT and security SLAs. The focus is now on operating efficiencies, providing more services with fewer resources against a backdrop of increasing threats.

While cloud computing has provided an effective alternative model of computing resources, this shift towards cloud computing has brought about concerns regarding cyber security for businesses. The cloud is also an essential part of managing compliance and security requirements efficiently and easily. To fully realize the promise of clouds, the traditional IT infrastructure, and network security specifically, has had to transform itself into an agile and adaptive entity with automated processes. This being a positive fallout of the shift towards automation, the cloud also gives businesses the peace of mind that their data is safe, secure, and confidential while being accessible and providing flexibility of operations.


ABOUT CMS

CMS IT Services is one of India’s top IT services firms and provides complete solutions to large corporations across all sectors, including banking, insurance, retail, telecom and manufacturing. The company has support infrastructure spread across 30 branches and 220 direct support locations in India. CMS IT Services provides new, cost effective and cutting-edge IT infrastructure solutions that are reliable, resilient and responsive. CMS IT Services has extensive experience in managing complex IT implementation projects and integration of emerging technologies in a dynamic environment. CMS IT partners with leading IT security vendors and delivery partners such as IBM, Seclore, TrendMicro, McAfee, HP, 3Com, Oracle, Acer, Lexmark and Leo Technosoft to ensure that clients benefit from the latest cutting-edge technology.

CMS IT Services aims to provide customers the ability to manage BAU, as well as take on disruptive themes to achieve sustained leadership in their markets. The company is focused on building and operating Enterprise IT (Datacenter, Network and End User computing) and enabling transformation through Mobility, Cloud and Security Services. CMS IT enables security through a four-pronged approach:

1. Inventory of agile, best suited and next level practices for ITSM in the context of the enterprise

2. Repeal, Refresh and Renew the service management processes, policies and approach through SUMMIT

3. Make a continuous improvement plan through automation roadmap yielding the benefits

4. Sustain the platform with continuous delivery of the simplified process for improving the user experience

CMS IT leverages its enormous scale and wide reach to deliver offerings of high value and innovative end-to-end solutions in the IT and outsourced business segments.

CONTACT INFO

CMS IT Services

No.236, (Old Sy No. 291-92/ 1A)

Konappa Agrahara Village,

Electronics City, Phase 1,

Bangalore-560 100, Karnataka