Enterprise Security Management Service (ESMS)

TeamInfoSec Background – About Us
TeamInfoSec was founded in 2003 by Paul C Dwyer CISSP, CISM and ISO 27001 Lead Auditor. The firm provides professional information security
consultancy. Paul is an Internationally recognised InfoSec expert with over 18 years experience.
Credentials include:
CISSP
CISM
ISO 27001 Lead Auditor
BSI BS25999 Consultant
IEEE
Member of the Computer Society
Member of the Business Continuity Institute
Member of the Computer Security Institute
3Com Certified Partner
ENCASE Trained Forensic Specialist
Member of the High Tech Crime Network
Microsoft Certified Engineer
Novell Certified Engineer
Certified Ethical Hacker
National Crime Faculty preferred supplier
Qualys Certified Specialist
Association of Information Managers
BSI Associate Consultants
2

TeamInfoSec Services
3

TeamInfoSec Clients – Who We Work With?

ESMS – How It Came About
ESMS – Where it all began?
“It is of course pointless having an access control system and security policy
if the system cannot identify any potential abuses. Consequently, a system
should be able to identify the user name that accessed a file, as well as the
time of the access. A log of alterations made, along with
author/editor, should also be created. Not only can this help in the effective
administration of the security system, its existence should also act as a
deterrent to those staff tempted to abuse the system.”
- Data Protection Commissioner
5

TeamInfoSec – Sought Holistic Solution
Complete Network Security
Monitoring Reporting Forensics Visualization
Data Archival
~ end-to-end correlation ~
ESMS
Log Management Vulnerability Configuration Asset Performance
NBAD
Analytics Analytics Analytics Analytics
SSH
Syslog Scanners Telnet MIB NetFlow
API
SSH
Traditional SIM
SNMP
API
Telnet/SSH
Syslog Trap MIB API Flow
6

The Bottom Line
• Such a solution did not exist for large & small organisations
• Solutions were too complicated
• Too expensive ($250,000+) per site
• A number of single point solutions required to adequately
monitor devices
• Not all platforms supported
• Reporting capabilities extremely limited (PCI Reports etc.)
• Requirement by law and under financial standards and
regulation
7

ESMS Was Born
8

Holistic Solution for Network Security

Comprehensive – Tailored Solution

Holistic Solution ------------- Centralised – Lower Cost
Log Management Configuration
SIM / SEM Solutions Management
Enterprise Console
Asset
NBAD
Management
A Single
Platform
to Manage
ALL DATA
Vulnerability Performance
Scanners Management
Integrated Security, Risk
and Audit Management
Platform – ESMS
Point Management Products
11

ESMS – Benefits Summary
• Multiple Problems – Single Solution
• Cost Effective
• Flexible
• Easy to Deploy
• Holistic Solution
• Proven Track Record
• Tailored for Large & Small Organisations
12

ESMS – How It Works
13

ESMS Security Centre – Graphical & Statistical Breakdown
An attacker might:
Step 1 Probe your network [LOG DATA]
SIM
Step 2 Execute an attack [LOG DATA]
Step 3 Gain system access [LOG DATA]
Step 4 Make configuration changes [CONFIG DATA] ESMS
Step 5 Create new accounts [SYSTEM DATA]
Step 6 Install rogue applications [ASSET DATA]
Step 7 Data Theft [FLOW DATA]
14

ESMS Reporting Capability
An attacker might:
Step 1 Probe your network [LOG DATA]
SIM
Step 2 Execute an attack [LOG DATA]
Step 3 Gain system access [LOG DATA]
Step 4 Make configuration changes [CONFIG DATA] ESMS
Step 5 Create new accounts [SYSTEM DATA]
Step 6 Install rogue applications [ASSET DATA]
Step 7 Data Theft [FLOW DATA]
15

ESMS – 10 Reasons Why You Need It
16

ESMS – Next Steps – Contact TeamInfoSec
17