Data Consult Managed Security Services
2. AGENDA
● Cloud:
○ Own v/s Lease
○ Decentralization of IT
● Network Security:
○ Threats
○ Impact and Urgency
○ Cost of Breach
○ Logs
● Solution
○ Overview
○ Architecture
○ Packages
● Backup Slides
4. Cloud : Own versus Lease
Own:
● Own the asset: you can modify it as you please
● You can sell it whenever you want
● More economical in the long run
● High Investment - Depreciation
Lease:
● Lower down payment
● Lower monthly payments
● Lower maintenance costs
● Ability to modify the offering at any time
● Ability to change asset every year or two
● Faster time to install
● No need for in-house expertise
● No rent space
● Increase or decrease capacity at will
© Copyright 2014 DATACONSULT All rights reserved. No part of this presentation in all its property may be used or reproduced in any form without a written permission
5. Cloud Services
Deploy faster and easier
Decrease budget and avoid vendor lock-in
Lower footprint on your network
Save on technology upgrades and maintenance
Ensure compliance to regulatory mandates.
Gartner defines cloud computing as “...a style of computing in which scalable and elastic IT-enabled capabilities are delivered as a service using Internet technologies.”
6. Cloud: Decentralization of IT
[Figure: the stack Users, Data, Application, Tools, Database, Network, OS, Hardware shown for each of four models: On-Premises, IaaS, PaaS, SaaS]
7. SaaS: ROI
Line item | Cloud | On-premise
Initial license fee | None | Extensive
Subscription fee | Charged by usage | None
Maintenance fees | Included | Percentage of license fee
Support costs | Included | Extra
IT staffing | Significant reductions | Significant
Data center upkeep and maintenance | None | Large, ongoing
Upgrade fees | Included | Significant
9. Threats
Trojan Horse
File infection
Spam email
Zero-day attacks
Software vulnerabilities
OS vulnerabilities
Identity theft
Mobile Loss
Phishing
10. Causes
Ponemon Institute / Symantec - Cost of Data Breach Study 2014
11. Impact and Urgency
Impact \ Urgency | Business Process affected. Workaround available. | Business Process stopped. Can bear minimal delay. Very hard workaround | Business Process stopped. No workaround
Any system minor degradation, non-business critical. <50% of users impacted | 4 | 3 | 2
Any system degraded or partially unavailable. >50% of users impacted | 3 | 2 | 1
Any system unavailable. 100% of users impacted | 2 | 1 | 1
12. Cost of Breach
IBM Data Breach Statistics 2014
13. Logs
log /lôg läg/ - noun
"a record of performance, events, or day-to-day activities"
synonyms: record, register, logbook, journal, diary, chronicle, daybook, record book, ledger
SNMP, ODBC, WMI, SDEE, CPMI, syslog, netflow, ssh, native FIM, Registry Monitor, custom XML-based, RDEP
One Solution: Vulnerability Scanner, Configuration Management, Asset Analytics, Performance Monitoring, Network Behaviour Analysis, Forensics, Log Management
14. Log Management
Functionality | Log Management (LM) | Security Information and Event Management (SIEM)
Log collection | Collect all logs | Collect security relevant logs + context data
Log pre-processing | Indexing, parsing | Parsing (universal collection), normalization, categorization, enrichment
Log retention | Retain raw log data | Retain parsed and normalized data
Reporting | Broad use reporting | Focused reporting: security, asset, configuration...
Analysis | Full text analysis, tagging | Real-time event correlation, threat scoring, event prioritization
Alerting and notification | Simple alerting on all logs | Categorized focused alerting, user activity, dashboards, monitors, file integrity monitoring
Other features | High scalability of collection and storage | Incident Management, analyst workflow, context analysis, forensics, configuration audit, application monitoring, compliance automation, vulnerability monitoring
16. Solution Overview
MSS is a Unified Security Management service that combines multiple security functions in a single console:
● SIEM (security information and event management)
● Secure Configuration Auditing
● Compliance Automation
● Contextual Forensic Analysis
Network state and event data is collected continuously. The system deploys alert correlation schemes to identify suspicious activity that can develop into threats affecting your business.
Network data collected is compressed and encrypted to avoid network congestion and ensure maximum security of your data.
‘... customers need to examine security event data in real time for internal and external threat management, and to collect, store, analyze and report on log data for incident response, forensics, and regulatory compliance…’
17. Architecture
18. Key Components
● Full SIEM deployment with real-time security monitoring, historical analysis and event correlation
● 24x7 security and configuration device monitoring: IPS/Firewall/VPN/Servers/Virtual Environments; up to 160 different node types
● Customized web-portal dashboard to provide real-time reports and statistics
● Dedicated engineering consultants to support with forensic investigation and remediation
● Compliance and security risk reviews: PCI DSS, HIPAA, ISO27001/27002, COBIT, NIST800-53…
● Consulting Services - Security Posture Analysis and Recommendation
● Full Engineering and Management Services
‘...the technology provides real-time security monitoring, historical analysis, and other support for incident investigation and compliance reporting...’
19. Dashboards Online
© Copyright 2012 DATACONSULT All rights reserved. No part of this presentation in all its property may be used or reproduced in any form without a written permission
Demo:
20. Summary
Get Security Monitoring installed in minutes
Low monthly subscription fees
Scale very easily
Leverage DataConsult’s expertise in security
Ensure compliance to regulatory mandates.
21. Packages
MSS feature | MSS1 (Reporting) | MSS2 (Premium) | MSSe (Consulting) | MSSe+ (Managed)
Log Collection | X | X | X | X
Event Reporting | X | X | X | X
Asset and Performance Monitoring | X | X | X | X
Daily Security Status Reports | X | X | X | X
Forensic Investigations | | X | X | X
Configuration and Asset Management | | X | X | X
Event Correlation | | X | X | X
Network Behaviour Analysis | | X | X | X
24x7 Live Alert Monitoring & Notification | | X | X | X
Monthly Health Reports | | X | X | X
Compliance Automation | | | X | X
Security Analysis and Recommendation | | | X | X
Remediation and Control | | | | X
Full Device Management | | | | X
24. Critical Events per Hour
25. Denied Connections per Hour
26. Alert Configuration
27. Destination Blocking
28. Destination Protocol
29. User by Protocol
31. MALicious softWARE
Cisco Annual Security Report 2014
32. Vulnerabilities
Kaspersky Security Bulletin 2014
33. Mobile Device Theft
Sophos Security Threat Report 2014