Risk Management and Remediation


Speakers: Kurt Van Etten, Symantec Director, Product Management

Stephen Brown, Arellia, President

Dan McManus, Arellia, Director of Sales

Published in: Business, Economy & Finance
  • Allows you to define what can be remediated automatically vs. what may require manual review (based upon organization policy)
  • ARELLIA: Rather than becoming another assessment focused tool, we created a tool to drive automated remediation using SCAP and the underlying open standards. ESRS enables Operations to: identify or import issues from an SCAP assessment product; automate the remediation tasks; predefine remediation tasks that meet requirements for change management approval. Each security policy provides quick information on: assessments completed; compliance trend over time; individual computer compliance scores. Remediation actions can be automatically generated after an assessment and can be approved from the Remediation Approvals tab.
  • Risk Management and Remediation

    1. Risk Management and Remediation. Kurt Van Etten, Symantec, Director, Product Management; Stephen Brown, Arellia, President; Dan McManus, Arellia, Director of Sales
    2. Agenda: (1) Need to Move to Risk Management; (2) Deeper Dive on Risk Manager; (3) Remediation
    3. Rapid Maturation of Information Security
        • Risk Scoring & Management: Focus on top priorities; Drive action to reduce risk
        • Cyberscope Reporting: Reporting to higher; Peer Comparison
        • Continuous Monitoring: Collection of Data; Vulnerability; Configuration; Procedural
    4. Symantec Approach to IT Risk Management (CCS Risk Manager)
        • Translate: How do IT risks affect your mission?
        • Influence: How do you convey IT risks to your peers?
        • Act: How do you drive measurable risk reduction?
    5. Introducing CCS Risk Manager
        • Translate: » Define virtual business assets » Connect related IT assets » Create business view of IT risk
        • Influence: » Convey IT risk in business terms » Customized views for greater impact » Justify new security investments
        • Act: » Prioritize based on business impact » Align Security and IT Operations » Track risk reduction over time
    6. Current View of IT Risk – Technology Centric
    7. Translating IT Risk (diagram labels: Transaction Processing System; Case Management)
    8. Translating IT Risk (diagram labels: Transaction Processing System; Case Management)
    9. Using Risk to Drive Accountability and Action: Transaction Processing System
        • Columns: Plan Name; Risk Objective; Status; Current Score; Projected Score; Target Date; Owner
        • Plan A B Secure Configuration Completed Submitted 3.65 2.75 2.75 3/15/12 Bob
        • Plan B C Patch Level Standard Completed Submitted 4.22 1.81 1.81 4/11/12 Joe
        • Plan A Info Sec Standard Completed 2.23 2.23 1/10/12 Joe
        • Plan D C Protect Web Servers Completed Submitted 3.51 2.10 2.10 2/28/12 Dave
    10. CCS Risk Manager Highlights
        • Define a business asset you want to manage
        • Visualize and understand IT risk for this business asset
        • Prioritize remediation based on IT risk, not technical severity
        • Monitor risk reduction over time
    11. Visualize and Understand IT Risk: Enterprise Wide View of Business Risk. Risk Overview for People’s Bank. (Slide footer: Risk & Compliance Sales Specialist Training - CCS Risk Manager)
    12. Visualize and Understand IT Risk: Balanced View of Business and Operational Metrics. Drill down to technical details
    13. Prioritize Remediation Based on Risk: Risk Modeling
    14. Prioritize Remediation Based on Risk: Remediation Plan by Risk Objective. Review & finalize remediation plan
    15. Monitor Risk Reduction Over Time: Manage Remediation Plans. Track risk reduction for remediation plans
    16. Effective Risk Management
        • (1) Data Driven View of Risk
            – Cross-reference multiple data points for a true view of risk
            – Combine 3rd party data for ‘composite’ risk score
            – Easily digest and distill data from thousands of devices
        • (2) Ability to Show Business Value
            – Map IT assets to business assets
            – Present relevant information to business peers
            – Flexible reporting – avoid costly re-mapping efforts
        • (3) Move Beyond Risk Assessment to Risk Monitoring & Management
            – Track objectives and monitor risk over time
            – Develop action plans to manage entire remediation process
            – Demonstrate risk reduction over time
    17. Effective Remediation
        • Remediation: The act or process of correcting a fault or deficiency
        • Automating Remediation can:
            – Fix 95% of Security Profile settings w/o manual intervention
            – Immediately address an environment’s post-audit vulnerability status
            – Provide significant ROI
    18. Why Haven’t We Automated Remediation?
        • Auditing and Remediation
            – Security (Auditing) vs. Operations (Change Management)
        • SCAP Validated
            – Means that we can ingest SCAP audit results!!!
        • Standards Enable Security
            – Common language between security and management
            – Security results become Management Tasks
        • Automatic remediation for 6 well known configuration types
            – Registry settings
            – Local password policies
            – Security audit
            – Service configuration
            – Account lockout
            – Account privileges
        • Actionable, Automated, & Auditable
    19. Closed Loop Direct Remediation (diagram: SCAP Audit Tool, Remediation Tool, End Point)
        • SCAP Audit Initiated: FDCC; USGCB; STIG; CIS
    20. Closed Loop Direct Remediation (diagram: SCAP Audit Tool, Remediation Tool, End Point)
        • Audit Complete: Results Available via Reporting
        • Security Results → Management Tasks
        • Remediation Tasks Executed: Approval Manual and/or Automated
    21. Closed Loop Direct Remediation (diagram: SCAP Audit Tool, Remediation Tool, End Point)
        • Remediation Complete: Results Available via Reporting
        • Remediation Complete: SCAP Audit Tool Notified
        • SCAP Validation Audit: FDCC, USGCB, etc.
    22. Closed Loop Direct Remediation (diagram: SCAP Audit Tool, Remediation Tool, End Point)
        • Validation Audit Complete: Results Available via Reporting
    23. Didn’t You Mention Something About ROI? Example: Windows 7
        • Fix 95% of Security Profile settings w/o manual intervention
        • Immediately address an environment’s post-audit vulnerability status
        • Provide a significant ROI to a customer
        • Post “Typical” Install of Windows 7, run a USGCB audit
        • Windows 7 installation will be around 30% compliant (70% failure to comply)
        • Manual Audit Costs: Number of issues to address: 100; Minutes per issue: 5; Total Time (Hours): 8.33; Jr. Admin Salary: $50,000; TOTAL COST: $200.32
        • Soft costs (unfactored): Lost productivity of Jr. Admin AND End User
        • Will need to perform remediation again after next audit!
    24. Remediation Actions
    25. Security Configuration Visibility
    26. How Arellia Can Further Help Effective Risk Management (four areas, labelled A to D on the slide): Removing End Users’ Administrator Rights; Securing Local Admin Accounts & Passwords; Application Whitelisting; Automating Remediation
    27. Privilege Management: Increasing Security AND End User Productivity
        • Privilege Management: The ability to enable or secure applications through the addition or removal of user rights.
        • 1 in 14: Programs downloaded in Windows are malicious
        • 43%: 2011 MS Bulletins address Privilege Exploitation
        • 110 Million: Estimated new Windows 7 users in 2012
        • Annual cost savings per managed endpoint: $653, “moderately managed” vs. “locked and well-managed”
    28. Windows 7 End User Accounts: High Security Posture AND End User Productivity
        • “Ideal” end user model?
        • Standard User with elevated privileges for predetermined functions (by customer)
            – Cannot be done without a third party tool
        • Balances security needs with end user productivity
            – Security posture remains high
            – End user productivity remains high
            – Support costs at all levels lowered
        • “Privilege management and application control tools help achieve total cost of ownership (TCO) reasonably close to that of a locked and well-managed user, while giving users some ability to control their systems.” Gartner: “The Cost of Removing Administrative Rights for the Wrong Users” (April 2011)
    29. Local Administrative Rights: The Interrogative Process
        • Who has Admin Access?!?!?
        • What was the justification?
        • When were these waivers last reviewed?
        • Where in my organization are these local end user accounts with admin rights?
        • Why aren’t my GPOs enough?
    30. How Do I Fix This?
        • Local Admin Password: Randomization & Cycling
        • Discover local user accounts
            – Including accounts with admin rights
        • Group Membership Enforcement
        • Windows Service Account Management
        • Auditing of Administrator Account Usage
        • Local Security Inventory and Configuration
        • Compliance Reporting
    31. www.arellia.com
        • How to purchase: Sold exclusively via Symantec sales and partners
        • Buying Options: Available in Symantec buying programs
        • Contacts: 800.889.8091 (Option 1) or SalesStaff@arellia.com
        • Data Sheets: www.arellia.com/solutions
        • Forums / Documentation: portal.arellia.com/wiki
        • Videos (YouTube Channel) www.youtube.com/user/ArelliaSoftwareVideoWebcasts / Events www.arellia.com/events
        • Blog: www.arellia.com/blog
        • Twitter: @ArelliaSoftware
        • Partner Portal: arellia.channelplace.net
    32. Thank you! Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.