This presentation describes today's security landscape: the security controls organizations already have in place and the threats that are evolving around them. It goes on to cover the key reasons why cyber security is imperative for organizations today.
Happiest Minds Cyber Security Services:
http://www.happiestminds.com/cyber-security-services/
3. Existing Security Controls and Evolving Threats
88 percent of Fortune 500 companies have employees infected with Zeus
- RSA Research
So do RSA, Sony, TJMax…
Signature-based technologies alone are not sufficient
Attacks are getting more focused and advanced
Too many point solutions working in silos
Human factors can never be taken out of the equation
Limited intelligence sharing and intelligence utilization
Lack of real situational awareness; false sense of security
Constantly emerging new technologies <-> new threat vectors
Diagram (word cloud of threats, controls and domains): Botnets, APTs, Zero Day Vuln., Attacker Patterns, Misconfiguration, Malicious Intent, Social Eng.; IDS/IPS, AV, Proxies, SIEM, Awareness, Metrics & KPI; Network, Host, Identity, Data, Cloud, Mobility, Social
Existing controls:
Policies, Regulations (Acceptable Use, Risk mgmt)
Identity Management (Access, Role, Pwd)
Data Security (Encryption, DLP)
Applications/Databases (Security testing, WAF)
End Point Controls (Anti-Virus, FIM)
Network Security (F/W, IDS/IPS, Proxy)
Physical Controls (Access, Cameras, locks)
4. Today's Enterprise Security Landscape
Threats & Multiple Point Solutions (per domain, as laid out on the slide):
Process: Vendor Security Assessment; Security Policy Management; Control Automation; Risk Management; Training & Communication; Compliance Adherence; Mobile business
People: Privileged User Password Management; Roles & Entitlements; User Access Management / Monitoring; Access Reviews & Attestations; Federation & SSO; Identity Theft; Threat – Insiders & Outsiders
Data: Data Loss Prevention; Information Exchange (IRM); Content Security; End Point Protection; Data Protection Directives; Data Loss - Social Networking; Sensitive Data Vaulting
Infrastructure: Host Intrusion Detection and Prevention; Network & Perimeter Security; Data Loss Prevention; Intrusions (viruses, worms); Production / Non-production Data Masking; Security Monitoring; Cyber threats / warfare / APTs; Cyber Analytics
Applications: Secure Design Review; Security Source Code Consulting; Pre-Dev Security Assessment; Threat & Vulnerability Management; Malware Re-engineering; Application Vulnerability Testing; Security Assurance; Secure SDLC Training
Platforms / Systems: Security Patch Management; Antivirus/Anti-Malware Management; Endpoint Security; Data Loss Prevention; Encryption; Professional cybercrime; Malware Engineering
EUC, Mobility & Cloud: Communication Interception; Network Security; Antivirus/Anti-Malware Management; MDM / device Loss and Theft; Application Security Assurance; SIP Vulnerabilities protection; Penetration & Vulnerability Testing; IP phone & PBX protection
5. Need for Cyber Security
- Integrated and Pervasive Security
CHARACTERISTICS
• Risk driven: to ensure continuous awareness and mitigation of existing and emerging threats and risks
• Holistic: to cover all the layers, including infrastructure, applications, data, users and architectures
• Adaptable: to address new business models and enable emerging technology adoption
• Efficient: to support business dynamics and maximize return on investment
TECHNOLOGY ENABLERS
• IAM – Provisioning, federation, access governance, access management, eSSO, MFA
• Data – Encryption, DLP, IRM, obfuscation, tokenization, file protection
• Application – Code/design review, penetration testing
• Network – APT, anomalies, application-level awareness, complete visibility
• GRC – Risk assessment, metrics & reporting, compliance automation
• End Points – Heuristics, anomalies, application controls
Diagram: security layers (Network, Servers/Endpoint, Applications, Data, Users) under Governance, Risk, Compliance, spanning on-premise and off-premise, any device, any time, anywhere; CIA (confidentiality, integrity, availability)
7. Cyber and Infrastructure Security
Solution and Service Portfolio
Assessment
Services
Transformation
Services
Managed Services
Host and End Point Security
Advanced Malware Protection
Datacenter and Perimeter Security
Security Monitoring Services
(SIEM and SOC)
Security Device Management Services
Proactive Network Risk Assessment
Network Threat Modeling
Cloud and Virtualization Security
Vulnerability Management
Firewall Auditing
Configuration Management
Network APT Protection
Network Access Control
File Integrity Monitoring
Application Control
Next Gen F/W, IDS/IPS
VDI Security
Virtual Server Protection
Cloud Security Monitoring
SIEM Health Check
SOC Assessment
SIEM/SOC Setup
Next Gen SOC Setup
SOC Management/Monitoring
Cyber Vigil platform
24/7 Security Management and Operations
Network Forensics Services
Malware Defense Strategy
Device Management
Mobility Security Strategy
8. Managed Security Service Delivery
Level 1
Monitoring
• Monitor the health and availability of security devices
• Notifications and incident creation based on SOP
Manage
• Technology management and basic provisioning
• Deployment enhancements
SOP based Services
• Standard Operating Procedure driven incident management and troubleshooting
• Operational reporting
Level 2
Maintain
• Remediation support
• Performance and capacity analysis
• Minor upgrades
Troubleshoot
• Escalated incidents from Level 1
• Investigate repeat incidents
• Participate in Root Cause Analysis
Configure
• Policy changes
• Configuration audit
• Coordination for change management
Level 3
Manage
• Investigation and advanced troubleshooting
• Upgrades and RCAs
• Vendor / OEM coordination
Service Improvement
• Review trends and problems
• Build service improvement plans and enhance KPIs
• Service reporting
Change
• Change approval
• Technology review and enhancements
• Automation
Technologies covered: Firewalls; IDS/IPS; AV/FIM/HIDS; Proxy/Web Filtering; Vulnerability Mgmt; Risk Mgmt; Wireless; Malware Protection; Email Security; Web applications; Database Activity Monitoring; LM/SIEM
9. Our Approach - Next Gen Security
Defending against advanced threats
From Reactive Response to Proactive Defense
• Threat and risk assessment
• Know your critical assets
• Know your high-risk users
• Threat intelligence gathering
From Historical Analysis to Real-time and Predictive
• Early detection and response
• Attack modeling and simulations
From Signature based to Behavior based
• Baseline and deviation tracking
• Whitelist and track exceptions
• Advanced analytics and heuristics
• Anomaly detection technologies
From Infrastructure context to Business Context
• Address business needs
• Business apps context
From Alert Analysis to Alert + Data Analytics
• Hidden intelligence from noise
• Advanced reporting and visualization
"Targeted attacks are penetrating standard levels of security controls, and causing significant business damage to enterprises that do not evolve their security controls."
- Gartner
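The "Signature based" to "Behavior based" shift above (baseline and deviation tracking, whitelisting and tracking exceptions), and the earlier point that signature-based technologies alone are not sufficient, as an added example that is not from the deck and not Happiest Minds code: a small Python script that runs a signature check and a per-user baseline/deviation check over constructed SSH authentication log lines. The line format, users, addresses, the threshold (3 standard deviations above the mean, with a floor of three extra logins) and the whitelist entry for "carol" are all assumptions made for the example.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Assumed syslog-like format (constructed for this example):
# "<ISO timestamp> sshd[<pid>]: Accepted|Failed password for [invalid user ]<user> from <ip> port <n> ssh2"
LINE_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2})T(?P<hour>\d{2}):\d{2}:\d{2} sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+ ssh2$")

# Signature layer: fires only on indicators that are already known (constructed list).
SIGNATURES = [
    ("known-bad source 203.0.113.5", re.compile(r"from 203\.0\.113\.5 ")),
    ("login attempt for non-existent account", re.compile(r"invalid user")),
]
# Tracked exceptions: user -> source prefix allowed to deviate (assumed approved change window).
WHITELIST = {"carol": "10.200.0."}
TRAIN_DAYS = [f"2024-03-{d:02d}" for d in range(1, 8)]   # days used to learn the baseline
DETECT_DAY = "2024-03-08"                                 # day being analysed


def build_sample_log():
    """Constructed sample log: seven quiet days, then a day with two deviations."""
    lines = []
    for day in TRAIN_DAYS:
        for hour in (9, 14):   # alice: two office logins a day in business hours
            lines.append(f"{day}T{hour:02d}:12:00 sshd[101]: Accepted password for alice from 10.1.1.25 port 51000 ssh2")
        lines.append(f"{day}T10:05:00 sshd[103]: Accepted password for carol from 10.200.0.5 port 52000 ssh2")
    # day 3: probe from a known-bad address; the signature layer should catch this one
    lines.append("2024-03-03T11:40:07 sshd[102]: Failed password for invalid user admin from 203.0.113.5 port 40022 ssh2")
    # detection day: alice's valid password used 30 times at 03:xx from a network never seen before
    for i in range(30):
        lines.append(f"{DETECT_DAY}T03:{i:02d}:00 sshd[104]: Accepted password for alice from 198.51.100.77 port {60000 + i} ssh2")
    # detection day: carol works an approved 03:00 change window from the VPN pool
    for i in range(12):
        lines.append(f"{DETECT_DAY}T03:{i * 4:02d}:00 sshd[105]: Accepted password for carol from 10.200.0.5 port {53000 + i} ssh2")
    return lines


def parse(lines):
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            events.append({**m.groupdict(), "hour": int(m.group("hour"))})
    return events


def signature_scan(lines):
    """Returns (signature name, line) for every line matching a known indicator."""
    return [(name, line) for line in lines for name, pat in SIGNATURES if pat.search(line)]


def build_baseline(events):
    """Per-user profile from TRAIN_DAYS: daily login count statistics, source /24s and login hours."""
    counts = defaultdict(lambda: {d: 0 for d in TRAIN_DAYS})
    profile = defaultdict(lambda: {"nets": set(), "hours": set()})
    for e in events:
        if e["result"] == "Accepted" and e["day"] in TRAIN_DAYS:
            counts[e["user"]][e["day"]] += 1
            profile[e["user"]]["nets"].add(e["ip"].rsplit(".", 1)[0])
            profile[e["user"]]["hours"].add(e["hour"])
    for user, per_day in counts.items():
        profile[user]["mean"] = mean(list(per_day.values()))
        profile[user]["sd"] = pstdev(list(per_day.values()))
    return dict(profile)


def behaviour_scan(events, profile):
    """Deviation tracking for DETECT_DAY; whitelisted deviations are recorded as exceptions, not alerted."""
    by_user = defaultdict(list)
    for e in events:
        if e["result"] == "Accepted" and e["day"] == DETECT_DAY:
            by_user[e["user"]].append(e)
    alerts, exceptions = [], []
    for user, evs in by_user.items():
        p = profile.get(user)
        if p is None:
            alerts.append((user, ["no baseline for this user"]))
            continue
        reasons = []
        # volume: more than 3 sd above the mean, with a floor of +3 so a flat baseline (sd = 0) is not hair-trigger
        if len(evs) > p["mean"] + max(3 * p["sd"], 3):
            reasons.append(f"{len(evs)} logins vs baseline mean {p['mean']:.1f}")
        new_nets = {e["ip"].rsplit(".", 1)[0] for e in evs} - p["nets"]
        if new_nets:
            reasons.append(f"new source network(s) {sorted(new_nets)}")
        new_hours = {e["hour"] for e in evs} - p["hours"]
        if new_hours:
            reasons.append(f"logins at unseen hour(s) {sorted(new_hours)}")
        if not reasons:
            continue
        prefix = WHITELIST.get(user)
        if prefix and all(e["ip"].startswith(prefix) for e in evs):
            exceptions.append((user, reasons))   # tracked, not alerted
        else:
            alerts.append((user, reasons))
    return alerts, exceptions


def analyze(lines):
    events = parse(lines)
    alerts, exceptions = behaviour_scan(events, build_baseline(events))
    return {"signature_hits": signature_scan(lines), "alerts": alerts, "exceptions": exceptions}


if __name__ == "__main__":
    result = analyze(build_sample_log())
    print("signature hits:", len(result["signature_hits"]), "(all on day 3, none on the detection day)")
    for user, reasons in result["alerts"]:
        print("ALERT", user, reasons)
    for user, reasons in result["exceptions"]:
        print("exception (whitelisted)", user, reasons)
```

The two signature hits both come from the day-3 probe; the 30 detection-day logins by "alice" match nothing, because a valid password from a stolen credential produces a normal-looking record. The baseline layer flags them on volume, on a source network never seen in training, and on the hour. "carol" deviates just as much, but her source matches the whitelisted VPN prefix, so the deviation is kept as a tracked exception rather than an alert, which is what "whitelist and track exceptions" means in practice: the suppression is visible and reviewable, not silent.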