Security Management
Evolution and solutions
Christophe Briguet
cbriguet@exaprotect.com © 2008 Exaprotect

Why
infrastructures are
evolving?

60%
of the IT budget
is allocated to
operation *
* Gartner 2007

 Sarbanes-Oxley Act
 European Directives
 ISO 27001
 PCI-DSS
 FSA
 HIPAA

62%
of security
incident are
human error *
* Verizon 2008 Data Breach Investigation Report

5 years of
exclusive
10 years rights
of R&D
1 molecule / 1000 succeed on the market

~1 admin for 50 servers in 2000

~1 admin for 200 servers in 2008

100 000 000 users - 70 employees

54 000 000 users - 200 employees

Water-Based Data Center

50%
of the carbone footprint
of air transportation

50%
ZZZZZZZ
of the time*
* IDC 2008

12/1
80%

100
Virtual firewall
+100
+10 000
Access
Daily changes
list

External Vs Internal

Why security best
practices have
changed?

*
* Diversity

53%
of company merged parts of their
physical and logical security *
* Gartner

9.1.1 Use video cameras or other access control
mechanisms to monitor individual physical access to sensitive
areas. Review collected data and correlate with other
entries…

Logs are like cars …

X2
each two years

You can't
“
efend. You can't
d
revent. The
p
ly thing you
on
o is detect
can d
-oucedh”
Br n Sc. neier
and resp

40%
of organization are
thinking about ITIL *
From disorganization to process ...

Incident management
Problem management
Change management
Release management
Capacity management
Availability management
Service level management
Configuration management
Security management
Etc.
From disorganization to process ...

From process to tools...

Products & solutions

LogManager & EventManager
S e c u r i t y I n f o r m a t i o n
a n d E v e n t M a n a g e m e n t

Solsoft ChangeManager
Network Configuration and
C h a n g e M a n a g e m e n t

Example of security best practices

BP #1 Get a clear picture of your network topology

BP #2 Use a central rules management system
smtp

BP #3 Test before implementing a new configuration
Compilation results
A rules may hide another one

BP #4 Collect and consolidate logs

B P # 5 A u t o m a t e t r e a t h d e t e c t i o n
Authentication
Login success
Authentication

Potential Identity
Hijacking on user
account Wilcox
EventManager
Correlation
Same time window and same user account and differente
Aggregation and
network
x Success authentication user Wilcox
2
Normalization
User logging sucess
User authenticated

overlooking the obvious

BP #6 Remediate in a collaborative way
Remediation
Incident Case
Order
EventManager
ChangeManager

Plan « B » ?

B P # 7 A u t o m a t c h a n g e m a n a g e m e n t
Adjust security policies
EventManager
New VM deployed
Virutal Machine New Virtual
hyperviseur
Machine

EventManager
New Virtual Add the new Virtual Machine
Machine
…
… to the log management … to compliance reports
process

ChangeManager
New Virtual Add the new Virtual Machine
Machine
…
… to the VPN
… to the network … to the NAT
configuration
filtering policy
configuration

Process and best practice
Change Regulatory Security
management
compliance
monitoring
EventManager
ChangeManager
LogManager

Thank you !
cbriguet@exaprotect.com