How to Simplify Audit & Compliance with Unified Security Management

WWW.ALIENVAULT.COM
Patrick Bedwell, VP, Product Marketing

Upload: alienvault

Post on 15-Jan-2015


Category: Technology



DESCRIPTION

Maintaining, verifying, and demonstrating compliance with regulatory requirements, whether PCI DSS, HIPAA, GLBA or others, is far from a trivial exercise. Proving compliance with these requirements often translates into a lot of manual and labor-intensive tasks: chasing down discrepancies in asset inventory spreadsheets, remediating critical vulnerabilities, and weeding through log data trying to make sense of it all. In fact, you may need to consult at least a dozen different tools to assemble the security controls and reports you need. Compliance doesn't have to be so hard. Review this presentation to learn:

- Common audit compliance failures
- A pre-audit checklist to help you plan and prepare
- Core security capabilities needed to demonstrate compliance
- How to simplify compliance with a unified approach to security

TRANSCRIPT

Page 1: How to Simplify Audit Compliance with Unified Security Management

WWW.ALIENVAULT.COM

How to Simplify Audit & Compliance with Unified Security Management

Patrick Bedwell, VP, Product Marketing

Page 2: Agenda

• Common Audit Failures
• Pre-Audit Checklist
• Core Security Capabilities
• How To Simplify Compliance With a Unified Approach
• Q & A

Page 3: Setting the Stage… Common Challenges & Pre-Audit Checklist

Page 4: The Era of Big Data Breaches

Page 5: The Era of Targeted Attacks

74% of attacks on retail, accommodation, and food services companies target payment card information.

Data from Verizon Data Breach Investigations Reports (DBIRs), 2011, 2012 and 2013

Page 6: The Era of… Uh-oh

• > 1.9 million Point-of-Sale (POS) machines run Windows XP
• ~ 95% of ATMs in the US still run Windows XP

(Microsoft ended support for Windows XP in April 2014.)

Page 7: Poor Compliance When Breached

PCI DSS Requirement 10

• Track and monitor all access to network resources and cardholder data

Source: Verizon 2014 PCI Compliance Report

Page 8: SANS Top 20 Critical Security Controls

http://www.sans.org/critical-security-controls

1. Inventory of Authorized and Unauthorized Devices
2. Inventory of Authorized and Unauthorized Software
3. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
4. Continuous Vulnerability Assessment and Remediation
5. Malware Defenses
6. Application Software Security
7. Wireless Access Control
8. Data Recovery Capability
9. Security Skills Assessment and Appropriate Training to Fill Gaps
10. Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
11. Limitation and Control of Network Ports, Protocols, and Services
12. Controlled Use of Administrative Privileges
13. Boundary Defense
14. Maintenance, Monitoring, and Analysis of Audit Logs
15. Controlled Access Based on the Need to Know
16. Account Monitoring and Control
17. Data Protection
18. Incident Response and Management
19. Secure Network Engineering
20. Penetration Tests and Red Team Exercises
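As an added example (not from the AlienVault deck or its product), here is the reconciliation that Control 1 asks for and that the description above calls "chasing down discrepancies in asset inventory spreadsheets", run over constructed data: an authorized-inventory CSV, an active scan result list, and MACs observed passively on the wire, all invented here. It reports devices seen but not in the inventory, inventory rows never observed by either method (stale entries), and IPs where the observed MAC disagrees with the inventory, which is how a replaced or spoofed device shows up.

```python
"""Reconcile an authorized-asset inventory against discovery results (CSC 1).

Added example, not AlienVault code. All inputs below are constructed:
an inventory export, an active host scan, and MACs seen passively.
"""
from __future__ import annotations

import csv
import io
import re
from dataclasses import dataclass, field

# Constructed inventory export: what the spreadsheet says is authorized.
# Note the mixed MAC notation; real exports are rarely consistent.
INVENTORY_CSV = """hostname,ip,mac,owner
pos-01,10.1.1.10,00:11:22:33:44:01,retail-ops
pos-02,10.1.1.11,00-11-22-33-44-02,retail-ops
db-card-01,10.1.2.20,00:11:22:33:44:20,payments
legacy-print,10.1.1.90,00:11:22:33:44:90,retail-ops
"""

# Constructed active scan: hosts that answered, with the MAC seen in ARP.
ACTIVE_SCAN = [
    {"ip": "10.1.1.10", "mac": "00:11:22:33:44:01"},
    {"ip": "10.1.1.11", "mac": "DE:AD:BE:EF:00:03"},   # not the MAC inventory expects
    {"ip": "10.1.2.20", "mac": "00:11:22:33:44:20"},
    {"ip": "10.1.1.77", "mac": "DE:AD:BE:EF:00:01"},   # nobody has this in the sheet
]

# Constructed passive observations: source MACs seen talking on the segment.
PASSIVE_MACS = {
    "00:11:22:33:44:01",
    "00:11:22:33:44:20",
    "de-ad-be-ef-00-02",
    "de:ad:be:ef:00:03",
}


def norm_mac(mac: str) -> str:
    """Canonical lower-case colon form so '00-11-...' and '00:11:...' compare equal."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(hexdigits) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class Reconciliation:
    # MAC -> which discovery methods saw it ("active", "passive")
    unauthorized: dict[str, set[str]] = field(default_factory=dict)
    # hostnames listed in the inventory that no method observed
    stale: set[str] = field(default_factory=set)
    # IP -> (MAC the inventory expects, MAC actually seen there)
    ip_conflicts: dict[str, tuple[str, str]] = field(default_factory=dict)


def reconcile(inventory_csv: str, active_scan: list[dict], passive_macs: set[str]) -> Reconciliation:
    inventory = {norm_mac(row["mac"]): row for row in csv.DictReader(io.StringIO(inventory_csv))}
    expected_mac_by_ip = {row["ip"]: mac for mac, row in inventory.items()}
    result = Reconciliation()
    seen: set[str] = set()

    for host in active_scan:
        mac = norm_mac(host["mac"])
        seen.add(mac)
        if mac not in inventory:
            result.unauthorized.setdefault(mac, set()).add("active")
        expected = expected_mac_by_ip.get(host["ip"])
        if expected is not None and expected != mac:
            result.ip_conflicts[host["ip"]] = (expected, mac)

    for mac in map(norm_mac, passive_macs):
        seen.add(mac)
        if mac not in inventory:
            result.unauthorized.setdefault(mac, set()).add("passive")

    # Stale rows are audit findings too: the sheet claims a device that is not there.
    result.stale = {inventory[mac]["hostname"] for mac in inventory if mac not in seen}
    return result


if __name__ == "__main__":
    r = reconcile(INVENTORY_CSV, ACTIVE_SCAN, PASSIVE_MACS)
    for mac, sources in sorted(r.unauthorized.items()):
        print(f"UNAUTHORIZED {mac} seen by {','.join(sorted(sources))}")
    for ip, (want, got) in sorted(r.ip_conflicts.items()):
        print(f"CONFLICT     {ip} inventory={want} observed={got}")
    for name in sorted(r.stale):
        print(f"STALE        {name}")
```

The two discovery methods disagree on purpose: the passive view catches a device (de:ad:be:ef:00:02) that never answered the active scan, which is why the deck lists both methods rather than one.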

Page 9: Detailed Information for Both the IT Practitioner & Auditor

Each control in the SANS document is described under the same headings:

• Why Is This Control Critical
• How to Implement This Control
• Procedures and Tools
• Effectiveness Metrics
• Automation Metrics
• Effectiveness Test
• System Entity Relations

Page 10: What Do I Need To Simplify Compliance?

Page 11: AlienVault Vision

To simplify how organizations detect and mitigate threats

• Benefit from the power of crowd-sourced threat intelligence & unified security

Page 12: The AlienVault Approach

Pages 13-17: The AlienVault Approach

Asset Discovery
• Active Network Scanning
• Passive Network Scanning
• Host-based Software Inventory

Vulnerability Assessment
• Network Vulnerability Testing
• Remediation Verification

Threat Detection
• Network IDS
• Host IDS
• Wireless IDS
• File Integrity Monitoring

Behavioral Monitoring
• Log Collection
• Netflow Analysis
• Service Availability Monitoring

Security Intelligence
• SIEM Event Correlation
• Incident Response

(Slides 13 through 16 add one capability at a time; slide 17 shows the complete stack.)
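To show how the layers above feed the SIEM event-correlation step, and how the shared IP-reputation data discussed on the Open Threat Exchange slides and the "Threats Change" slide enters that step, here is an added example; it is not AlienVault's code and the risk score is a simple weighted product chosen for illustration, not the product's algorithm. The assets, vulnerability findings, IDS alerts and reputation entries are all constructed, with the `cde` flag marking hosts in the PCI DSS cardholder data environment.

```python
"""Correlate asset, vulnerability, IDS and threat-intelligence data into ranked alarms.

Added example, not AlienVault code. Every record below is constructed, and the
score (asset value x IDS priority, multiplied by vulnerability severity when the
alert targets a service with an open finding, doubled for a known-bad source)
is an illustrative weighting, not any product's formula.
"""
from __future__ import annotations

from dataclasses import dataclass

# Asset discovery output: hosts, business value 1-5, and PCI scope.
ASSETS = {
    "10.1.2.20": {"name": "db-card-01", "value": 5, "cde": True},
    "10.1.1.10": {"name": "pos-01", "value": 4, "cde": True},
    "10.1.3.5":  {"name": "wiki", "value": 1, "cde": False},
}

# Vulnerability assessment findings: host, listening port, severity 1-5.
VULNS = [
    {"ip": "10.1.2.20", "port": 1433, "title": "MS SQL weak SA password", "severity": 5},
    {"ip": "10.1.3.5",  "port": 80,   "title": "Outdated wiki engine",    "severity": 3},
]

# Network IDS alerts: source, destination, destination port, signature, priority 1-5.
IDS_ALERTS = [
    {"src": "203.0.113.9",  "dst": "10.1.2.20", "dport": 1433, "sig": "SQL brute force", "priority": 3},
    {"src": "198.51.100.4", "dst": "10.1.3.5",  "dport": 80,   "sig": "Web scanner",     "priority": 2},
    {"src": "198.51.100.4", "dst": "10.1.1.10", "dport": 3389, "sig": "RDP brute force", "priority": 3},
    {"src": "10.1.5.5",     "dst": "10.1.1.10", "dport": 445,  "sig": "SMB probe",       "priority": 1},
    {"src": "10.1.5.5",     "dst": "10.1.9.9",  "dport": 22,   "sig": "SSH scan",        "priority": 1},
]

# IP reputation as it would arrive from a shared exchange feed (constructed stand-in).
BAD_IPS = {"203.0.113.9": "scanning host", "198.51.100.4": "malware C2"}


@dataclass(order=True)
class Alarm:
    risk: int
    host: str
    reason: str


def correlate(assets: dict, vulns: list[dict], ids_alerts: list[dict], bad_ips: dict) -> list[Alarm]:
    """Turn raw IDS alerts into alarms ranked by asset value, known weakness and source reputation."""
    vuln_by_service = {(v["ip"], v["port"]): v for v in vulns}
    alarms: list[Alarm] = []
    for alert in ids_alerts:
        asset = assets.get(alert["dst"])
        if asset is None:
            # An alert for a host the inventory does not know is an asset-discovery
            # gap, not something to score; it should go back to that layer.
            continue
        score = asset["value"] * alert["priority"]
        reasons = [alert["sig"]]
        finding = vuln_by_service.get((alert["dst"], alert["dport"]))
        if finding:
            score *= finding["severity"]          # attack aimed at a service known to be weak
            reasons.append(f"matches open finding '{finding['title']}'")
        if alert["src"] in bad_ips:
            score *= 2
            reasons.append(f"source {alert['src']} listed as {bad_ips[alert['src']]}")
        if asset["cde"]:
            reasons.append("in PCI DSS scope (CDE)")
        alarms.append(Alarm(score, asset["name"], "; ".join(reasons)))
    return sorted(alarms, reverse=True)


def unknown_hosts(assets: dict, ids_alerts: list[dict]) -> set[str]:
    """Destinations the IDS saw that asset discovery has no record of."""
    return {a["dst"] for a in ids_alerts if a["dst"] not in assets}


if __name__ == "__main__":
    for alarm in correlate(ASSETS, VULNS, IDS_ALERTS, BAD_IPS):
        print(f"{alarm.risk:4d}  {alarm.host:12s} {alarm.reason}")
    print("not in inventory:", sorted(unknown_hosts(ASSETS, IDS_ALERTS)))
```

The same "brute force" signature at priority 3 scores 150 against the card database (known weak SA password, known-bad source, CDE host) and 24 against the POS terminal (no open finding on that port), which is the practical difference between a unified view and reading the IDS console on its own. Alerts against hosts missing from the inventory are held out rather than scored, since a score computed without an asset value is meaningless.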

Pages 18-19: Three Components, Three Form Factors

• AlienVault Server to aggregate data and manage the deployment
• AlienVault Sensor to collect data from the infrastructure
• AlienVault Logger for long-term storage and reporting
• AlienVault All-in-One to collect, aggregate, and store data as well as manage the deployment (the three roles combined in a single appliance)

Form factors: AMI, Virtual Appliance, Physical Appliance

Page 20: Integrated Threat Intelligence

• OSSIM
• Free Tools
• USM

Pages 21-25: Traditional Response

Example organizations: First Street Credit Union, Zeta Insurance Group, John Smith Auto Nation, Regional Pacific Telecom, Marginal Food Products

Attack → Detect → Respond

(Slides 21 through 25 animate the sequence: each organization is attacked, detects the attack, and responds on its own, with nothing shared between them.)

Page 26: OTX Enables Preventative Response

Through an automated, real-time threat exchange framework

Pages 27-28: A Real-Time Threat Exchange Framework

Same example organizations: First Street Credit Union, Zeta Insurance Group, John Smith Auto Nation, Regional Pacific Telecom, Marginal Food Products

Attack → Detect → Open Threat Exchange

Open Threat Exchange puts preventative response measures in place through shared experience (slide 27) and protects others in the network with those preventative response measures (slide 28).

Page 29: Benefits of Open Threat Exchange

• Shifts the advantage from the attacker to the defender
• Open and free to everyone
• Each member benefits from the incidents of all other members
• Automated sharing of threat data

Page 30: The Need to Adapt

Threats change. Your event correlation rules, IP reputation data, etc. should change too.

It's impossible to predict all bad things. You need a solution that evolves with you.

What's not in the fine print but should be:

• Dynamic threat intelligence updates
• Flexible use case support

Page 31: Free Tools

• Reputation Monitor: external view of IPs (targeted?)
• ThreatFinder: internal view of IPs (compromised?)
• OSSIM: world's most widely used open source SIEM product

Page 32: AlienVault Labs Threat Intelligence

Coordinated analysis, actionable guidance

Weekly updates to coordinated rule sets:

• Network IDS
• Host IDS
• Asset discovery / inventory database
• Vulnerability database
• Event correlation
• Report modules and templates
• Incident response templates / "how to" guidance for each alarm
• Plug-ins to accommodate new data sources

Page 33: Unified Security Management in Action

Page 34: Now for Some Q&A…

Test Drive AlienVault USM

• Download a Free 30-Day Trial: www.alienvault.com/free-trial
• Try our Interactive Demo Site: www.alienvault.com/live-demo-site
• Free Tools: www.alienvault.com/open-threat-exchange

Thank You!

Patrick Bedwell [email protected]