How to Simplify Audit Compliance with Unified Security Management

Maintaining, verifying, and demonstrating compliance with regulatory requirements, whether PCI DSS, HIPAA, GLBA or others, is far from a trivial exercise. Proving compliance with these requirements often translates into a lot of manual and labor-intensive tasks – chasing down discrepancies in asset inventory spreadsheets, remediating critical vulnerabilities, and weeding through log data trying to make sense of it all. In fact, you may need to consult at least a dozen different tools to assemble the security controls and reports you need. Compliance doesn't have to be so hard.

Review this presentation to learn:
- Common audit compliance failures
- A pre-audit checklist to help you plan and prepare
- Core security capabilities needed to demonstrate compliance
- How to simplify compliance with a unified approach to security

Published in: Technology
Speaker notes:
- Provides real-time, actionable information that is open to anyone who chooses to participate. This allows IT practitioners to achieve preventative response by learning about how others are targeted, and employing the right defenses, to avoid becoming a target themselves.
- How do we ensure that the information related is not only getting pushed to the right place, but automatically pushed down the line so that not just the first organization benefits but every other organization benefits from that response as well? We have the framework built out – limited information, IP information.

Transcript:
Slide 1: How to Simplify Audit & Compliance with Unified Security Management. Patrick Bedwell, VP, Product Marketing. WWW.ALIENVAULT.COM

Slide 2: Agenda
- Common Audit Failures
- Pre-Audit Checklist
- Core Security Capabilities
- How To Simplify Compliance With a Unified Approach
- Q & A

Slide 3: Setting The Stage… Common Challenges & Pre-Audit Checklist

Slide 4: The Era of Big Data Breaches

Slide 5: The Era of Targeted Attacks. 74% of attacks on retail, accommodation, and food services companies target payment card information. (Data from Verizon Data Breach Investigations Reports (DBIRs), 2011, 2012 and 2013.)

Slide 6: The Era of… Uh-oh
- > 1.9 million Point-of-Sale (POS) machines run Windows XP
- ~ 95% of ATMs in the US still run Windows XP

Slide 7: Poor Compliance When Breached. PCI Requirement #10: Track & monitor all access to network resources & cardholder data. (Source: Verizon 2014 PCI Compliance Report.)

Slide 8: SANS Top 20 Critical Security Controls (http://www.sans.org/critical-security-controls)
1. Inventory of Authorized and Unauthorized Devices
2. Inventory of Authorized and Unauthorized Software
3. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
4. Continuous Vulnerability Assessment and Remediation
5. Malware Defenses
6. Application Software Security
7. Wireless Access Control
8. Data Recovery Capability
9. Security Skills Assessment and Appropriate Training to Fill Gaps
10. Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
11. Limitation and Control of Network Ports, Protocols, and Services
12. Controlled Use of Administrative Privileges
13. Boundary Defense
14. Maintenance, Monitoring, and Analysis of Audit Logs
15. Controlled Access Based on the Need to Know
16. Account Monitoring and Control
17. Data Protection
18. Incident Response and Management
19. Secure Network Engineering
20. Penetration Tests and Red Team Exercises

Slide 9: Detailed Information for Both the IT Practitioner & Auditor. Each control is documented under: Why Is This Control Critical; How to Implement This Control; Procedures and Tools; Effectiveness Metrics; Automation Metrics; Effectiveness Test; System Entity Relations.

Slide 10: What Do I Need To Simplify Compliance?

Slide 11: AlienVault Vision: to simplify how organizations detect and mitigate threats. Benefit from the power of crowd-sourced threat intelligence & unified security.

Slide 12: The AlienVault Approach

Slides 13–17: The AlienVault Approach (built up one capability per slide)
- Asset Discovery: Active Network Scanning; Passive Network Scanning; Host-based Software Inventory
- Vulnerability Assessment: Network Vulnerability Testing; Remediation Verification
- Threat Detection: Network IDS; Host IDS; Wireless IDS; File Integrity Monitoring
- Behavioral Monitoring: Log Collection; NetFlow Analysis; Service Availability Monitoring
- Security Intelligence: SIEM Event Correlation; Incident Response

Slide 18: Three Components
- AlienVault Server to aggregate data and manage the deployment
- AlienVault Sensor to collect data from the infrastructure
- AlienVault Logger for long-term storage and reporting
- AlienVault All-in-One to collect, aggregate, and store data as well as manage

Slide 19: Three Components, Three Form Factors. The same components (Server, Sensor, Logger, All-in-One), each available as a Physical Appliance, a Virtual Appliance, or an AMI.

Slide 20: Integrated Threat Intelligence: OSSIM; Free Tools; USM

Slides 21–25: Traditional Response (illustrated with example organizations First Street Credit Union, Zeta Insurance Group, John Smith Auto Nation, Regional Pacific Telecom, and Marginal Food Products). The sequence built up across the slides: Attack, Detect, Respond.

Slide 26: OTX Enables Preventative Response through an automated, real-time threat exchange framework.

Slides 27–28: A Real-Time Threat Exchange Framework (same example organizations)
- Attack: Open Threat Exchange puts preventative response measures in place through shared experience
- Detect: Open Threat Exchange protects others in the network with the preventative response measures

Slide 29: Benefits of Open Threat Exchange
- Shifts the advantage from the attacker to the defender
- Open and free to everyone
- Each member benefits from the incidents of all other members
- Automated sharing of threat data

Slide 30: The Need to Adapt. Threats change; your event correlation rules, IP reputation data, etc. should change too. It’s impossible to predict all bad things; you need a solution that evolves with you. What’s not in the fine print but should be: dynamic threat intelligence updates; flexible use case support.

Slide 31: Free Tools
- Reputation Monitor: external view of IPs – targeted?
- ThreatFinder: internal view of IPs – compromised?
- OSSIM: world’s most widely used open source SIEM product

Slide 32: AlienVault Labs Threat Intelligence: coordinated analysis, actionable guidance. Weekly updates to coordinated rule sets:
- Network IDS
- Host IDS
- Asset discovery / inventory database
- Vulnerability database
- Event correlation
- Report modules and templates
- Incident response templates / “how to” guidance for each alarm
- Plug-ins to accommodate new data sources

Slide 33: Unified Security Management in Action

Slide 34: Now for Some Q&A… Test Drive AlienVault USM: Download a Free 30-Day Trial (www.alienvault.com/free-trial); Try our Interactive Demo Site (www.alienvault.com/live-demo-site); Free Tools (www.alienvault.com/open-threat-exchange). Thank You! Patrick Bedwell, pbedwell@alienvault.com