SlideShare a Scribd company logo

CARMWhitepaper

Emily Goodenough
Emily Goodenough
1 of 12
Download to read offline
Next Generation, Profitable, Security Begins With a CARM Approach
Exclusive Networks Ltd, Alresford House, Mill Lane, Alton, GU34 2QJ Tel: 0845 521 7217 www.exclusive-networks.co.uk Page 2 Ever more alarming ‘facts’ about the heightened risks of the digital environment, a security landscape built on prevention, and the reality of breaches becoming more widespread and likely. The CARM approach from Exclusive Networks allows channel partners to swiftly identify gaps in customer security, provides complementary solutions that deliver effective, integrated, and sustainable security against known, advanced and evolving threats, realising significant business gains in the process.
Exclusive Networks Ltd, Alresford House, Mill Lane, Alton, GU34 2QJ Tel: 0845 521 7217 www.exclusive-networks.co.uk Page 3 Introduction Because the pace of change in the digital world is ever increasing, it is widely recognised and commented on, that the rate, variety and severity of cyberattacks is increasing either in step, or more worryingly, ahead of the ability of organisations to maintain a secure digital presence. Accepting a security breach rather than simply trying to prevent it is the new norm. This presents a huge challenge to organisations with systems built around prevention and perimeter defence, a challenge amplified by new compliance requirements. Questions we ask ourselves: What to invest in and divest of? Where are attacks likely to come from? What’s our security legacy? Where is our soft-spot? What compliance regulations to meet? What, critically, is coming down the barrel next? There is a lot of general information and guidance, much government generated, about what organisations should do and a blizzard of scaremongering and ‘essential’ advice often frightening organisations into action, that whilst might address a particular element of the security landscape, rarely provides a complete picture. What is less clear is how to develop a strategy for dealing with today’s threats, what to do when breached and safeguarding against tomorrow’s emerging threats. Factor in the difficulty of knowing whose solutions to deploy out of the thousands on the market and what works best with what and the picture becomes very complex and only serves to ratchet up the fear factor. For channel partners, the demands from customers increase in line with their need and perception of risk and the onus to research, test, deploy and support solutions right for each and every one of their customers across the security spectrum, without taking unnecessary risks, becomes white hot. Where to turn to for researched, objective, proven & channel friendly solutions that address the complete security need, provide partners with complementary revenue streams and significantly reduce their operational costs? The answer: CARM – Cyber Attack Remediation and Mitigation provides channel partners with the framework and tools to confidently identify gaps in their customers’ security regime, how to most effectively close them and tighten their security policies to ensure compliance. CARM applies to customers of all sizes, in all markets irrespective of their current security profile and incorporates best-of-breed vendor solutions.
Exclusive Networks Ltd, Alresford House, Mill Lane, Alton, GU34 2QJ Tel: 0845 521 7217 www.exclusive-networks.co.uk Page 4 A CARM Approach is a Controlled Approach CARM is built around the central tenet that in today’s world, cybersecurity, to be effective, needs to deal with more than prevention and perimeter security, it has to factor in the expectation that a breach will occur. At the heart of the CARM concept and framework is the ability to deliver an integrated security capability built around the three core axes of: This then provides the route to create an effective, integrated and complete security system across all platforms within all organisations. It is also scalable and recognising that one size doesn’t fit all, provides solutions relevant to the circumstances and requirements of each customer, dovetailing with existing customer security systems. CARM allows customers to tailor their security requirement and select vendors and technologies from each of the axes to fill any gaps in their current security capabilities and importantly, in accordance to the level of their security need – Essential, Core or Advanced.
Exclusive Networks Ltd, Alresford House, Mill Lane, Alton, GU34 2QJ Tel: 0845 521 7217 www.exclusive-networks.co.uk Page 5 Find the Gaps It’s critical to point out that CARM is not a product or a marketing programme. The CARM framework allows channel partners to evaluate customers’ current security capabilities, identify potential gaps and show how a strategic end-to-end cybersecurity framework turns cybersecurity from a reactive posture into a pro-active, controlled operation across customers’ businesses and in doing so, realising significant benefits for them: For channel partners the advantages of embracing CARM are many. The vendor solutions within the three core axes are at the forefront of their field and have had the relevant level of due diligence, research and testing done by Exclusive Networks to ensure they are effective, work together and are fully committed to the channel. With the heavy lifting of key technology and vendor evaluation done, partners can access emerging technologies relatively risk free and have business issues like the compromise between security and putting the brakes on business operation and agility already considered and covered. This in turn frees up their time to be more customer focused and concentrate on delivering the benefits their customers need to maintain and grow their online and digital presence and ultimately, their competitive edge. Delivers threat landscape security - current and emerging Ensures compliance to current and future regulation Reduces reactivity and time to detect, react and mitigate Improves uptime, and hence productivity and profit in the short term and customer loyalty and growth prospects in the long-term Raises their security capabilities Increases control and understanding
Exclusive Networks Ltd, Alresford House, Mill Lane, Alton, GU34 2QJ Tel: 0845 521 7217 www.exclusive-networks.co.uk Page 6 Essential Elements of Complete Security With past security systems being either completely or predominantly focused on prevention there is a truism, borne out in research, that if an attack succeeds and a breach occurs then most organisations will be woefully unprepared for what to do in the event of this. It has been the case for the last few years that there is a considerable and potential business limiting gap, between the time to compromise or breach and the time to detect and respond. Typically a compromise will happen in minutes, whereas a detection and response time is at best in days, most often in in weeks and at worst in months. One report showed the typical detection gap to be 146 days, or over four months. As stressed, CARM is predicated on the fact that given an attacker needs to get lucky only once then organisations with an effective security system need to be lucky all the time. CARM integrates the three axes of Prevention, Detection and Reaction into a security life-cycle and assuming that on occasion the attacker will be successful at beating prevention mechanisms, is ready armed to significantly reduce any detection and reaction gaps.
Exclusive Networks Ltd, Alresford House, Mill Lane, Alton, GU34 2QJ Tel: 0845 521 7217 www.exclusive-networks.co.uk Page 7 Mind all the Gaps Each axis contains proven vendor solutions that are focused on the key attack types and their nature. All work together and as already mentioned, can be deployed in conjunction with a customer’s existing legacy security regime, all together, or only the element required – it is all driven by customer situation and need. The functional security areas addressed by each axis are: Endpoint Respons Network Response SIEM PREVENTION the ability to defend: NG Firewall Platform PIM Endpoint Protection Vulnerability Assessment and Patch Management Encryption Email Protection Key Generation and Management Web Application Firewall Privilege Access Management Cloud Access Security Brokerage File Access and MDM Distributed Denial of Service Mobile Security Strong Authentication NG Firewall Platform Network Packet Caputre Endpoint Response Strong Authentication Virtual Execution (sandbox) PIM Email Protection Encryption Web Application Firewall User Entity Behaviour Analytics Cloud Access Security Brokerage Privilege Access Management Distributed Denial of Service File Access and MDM SIEM Mobile Security DETECTION the ability to identify and respond: REACTION the ability to remediate and forensically investigate:
Exclusive Networks Ltd, Alresford House, Mill Lane, Alton, GU34 2QJ Tel: 0845 521 7217 www.exclusive-networks.co.uk Page 8 NG FireWall Platform EndPoint Protection Email Protection Encryption Firewall General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Security Delivery WIFI Mobile SIEM Web security DDOS Discovery Analytics Email security Vulnerability search Identity Password/Access Security tools Professional services Patch Integration Key logging Restrictions Service accounts Compliance Import/Export Email Session recording General security Enforce/Inform Forensics Session recording Money End point Response SIEM General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring ivery WIFI Mobile SIEM Web security Discovery Analytics Email security Vulnerability search Password/Access Security tools Professional services Patch on Key logging Restrictions Service accounts Compliance port Email Session recording General security Enforce/InformSession recording etect y ons Encryption Servailance/ Monitoring SIEM Web security s Email security Vulnerability search ools Professional services Patch ns Service accounts Compliance EESSSENTIALL CCOORREE Firewall General PC Security Delivery WI DDOS Disco Identity Password Integration Key log Import/Export Em Forensics Mon tect y ons Encryption Servailance/ Monitoring SIEM Web security s Email security Vulnerability search ools Professional services Patch ns Service accounts Compliance ording General security Enforce/Informording ponse SIEM Firewall General PC security Intursion d securi Security ic Security Delivery WIFI Mobile DDOS Discovery Analyti Identity Password/Access Security t Integration Key logging Restricti Import/Export Email Session rec Forensics Session rec Money End point Res Firewall General PC security Intursion detect security Security icons Encrypt Security Delivery WIFI Mobile SIEM DDOS Discovery Analytics Email sec Identity Password/Access Security tools Professio service Integration Key logging Restrictions Service acc Import/Export Email Session recording General se Forensics Session recording Money End point Response SIEM Web Application Firewall EndPoint Response SIEM Virtual Execution (sandbox) Distributed Denial of Services Privilege Access Management Strong Authentication PIM Vulnerability Assessment and Patch Management Key Generation and Management User Entity Behaviour Analytics Mobile Security Network Plumbing Firewall General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Security Delivery WIFI Mobile SIEM Web security DDOS Discovery Analytics Email security Vulnerability search Identity Password/Access Security tools Professional services Patch Integration Key logging Restrictions Service accounts Compliance Import/Export Email Session recording General security Enforce/Inform Forensics Session recording Money End point Response SIEM Firewall General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Security Delivery WIFI Mobile SIEM Web security DDOS Discovery Analytics Email security Vulnerability search Identity Password/Access Security tools Professional services Patch Integration Key logging Restrictions Service accounts Compliance Import/Export Email Session recording General security Enforce/Inform Forensics Session recording Money End point Response SIEM Firewall General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Security Delivery WIFI Mobile SIEM Web security DDOS Discovery Analytics Email security Vulnerability search Identity Password/Access Security tools Professional services Patch Integration Key logging Restrictions Service accounts Compliance Firewall General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Security Delivery WIFI Mobile SIEM Web security DDOS Discovery Analytics Email security Vulnerability search Identity Password/Access Security tools Professional services Patch Integration Key logging Restrictions Service accounts Compliance Import/Export Email Session recording General security Enforce/Inform Forensics Session recording Money End point Response SIEM Firewall General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Security Delivery WIFI Mobile SIEM Web security DDOS Discovery Analytics Email security Vulnerability search Identity Password/Access Security tools Professional services Patch Integration Key logging Restrictions Service accounts Compliance Import/Export Email Session recording General security Enforce/Inform Forensics Session recording Money End point Response SIEM Firewall General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Security Delivery WIFI Mobile SIEM Web security DDOS Discovery Analytics Email security Vulnerability search Identity Password/Access Security tools Professional services Patch Integration Key logging Restrictions Service accounts Compliance Import/Export Email Session recording General security Enforce/Inform Forensics Session recording Money End point Response SIEM Firewall General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Security Delivery WIFI Mobile SIEM Web security DDOS Discovery Analytics Email security Vulnerability search Identity Password/Access Security tools Professional services Patch Integration Key logging Restrictions Service accounts Compliance Import/Export Email Session recording General security Enforce/Inform Forensics Session recording Money End point Response SIEM Firewall General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Security Delivery WIFI Mobile SIEM Web security DDOS Discovery Analytics Email security Vulnerability search Identity Password/Access Security tools Professional services Patch Integration Key logging Restrictions Service accounts Compliance Import/Export Email Session recording General security Enforce/Inform Forensics Session recording Money End point Response SIEM Firewall General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Security Delivery WIFI Mobile SIEM Web security DDOS Discovery Analytics Email security Vulnerability search Identity Password/Access Security tools Professional services Patch Integration Key logging Restrictions Service accounts Compliance Import/Export Email Session recording General security Enforce/Inform Forensics Session recording Money End point Response SIEM Firewall General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Security Delivery WIFI Mobile SIEM Web security DDOS Discovery Analytics Email security Vulnerability search Identity Password/Access Security tools Professional services Patch Integration Key logging Restrictions Service accounts Compliance Import/Export Email Session recording General security Enforce/Inform Forensics Session recording Money End point Response SIEM Firewall General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Security Delivery WIFI Mobile SIEM Web security DDOS Discovery Analytics Email security Vulnerability search Identity Password/Access Security tools Professional services Patch Integration Key logging Restrictions Service accounts Compliance Import/Export Email Session recording General security Enforce/Inform Forensics Session recording Money End point Response SIEM Firewall General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Security Delivery WIFI Mobile SIEM Web security DDOS Discovery Analytics Email security Vulnerability search Identity Password/Access Security tools Professional services Patch Integration Key logging Restrictions Service accounts Compliance Import/Export Email Session recording General security Enforce/Inform Forensics Session recording Money End point Response SIEM Firewall General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Security Delivery WIFI Mobile SIEM Web security DDOS Discovery Analytics Email security Vulnerability search Identity Password/Access Security tools Professional services Patch Integration Key logging Restrictions Service accounts Compliance Import/Export Email Session recording General security Enforce/Inform Forensics Session recording Money End point Response SIEM Firewa Security D DDOS Identit Integrat Import/Ex Forens Firewall General PC security Intursion detect security Security icons Encrypt Security Delivery WIFI Mobile SIEM DDOS Discovery Analytics Email sec Identity Password/Access Security tools Professio service Integration Key logging Restrictions Service acc Import/Export Email Session recording General se Forensics Session recording Money End point Response SIEM Minding All the Gaps, All the Time The CARM framework delivers the pathway for channel partners to close any gaps their customers may have and deliver replacement or complementary security solutions relevant to each one. However, circumstances change, either in customers’ businesses and markets, regulatory frameworks, solution technologies and most importantly, the nature of attacks and their vectors. CARM solutions and vendors are continuously monitored in terms of suitability and effectiveness and updated to ensure that customers have the most effective technologies to hand. Should the security needs of customers change, then CARM can help identify new gaps and determine a security pathway to ensure there is a solution ready to implement seamlessly, to meet these needs and for each of the three axes. The Security Adoption Curve delivers appropriate security according to need and highlights what is required to go to the next security level.
Exclusive Networks Ltd, Alresford House, Mill Lane, Alton, GU34 2QJ Tel: 0845 521 7217 www.exclusive-networks.co.uk Page 9 For more information visit www.exclusive-networks.co.uk EndPoint Response Cloud Access Security Brokerage File Access and MDM Network Packet Capture Network Response ADVAVAV NCED C security Intursion detect security Security icons Encryption Servailance/ Monitoring IFI Mobile SIEM Web security overy Analytics Email security Vulnerability search d/Access Security tools Professional services Patch gging Restrictions Service accounts Compliance mail Session recording General security Enforce/InformSession recording ney End point Response SIEM detect ity cons Encryption Servailance/ Monitoring e SIEM Web security ics Email security Vulnerability search tools Professional services Patch ions Service accounts Compliance cording General security Enforce/Informcording sponse SIEM tion Servailance/ Monitoring M Web security curity Vulnerability search onal es Patch counts Compliance ecurity Enforce/Inform M all General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Delivery WIFI Mobile SIEM Web security S Discovery Analytics Email security Vulnerability search ty Password/Access Security tools Professional services Patch tion Key logging Restrictions Service accounts Compliance xport Email Session recording General security Enforce/Inform sics Session recording Money End point Response SIEM tion Servailance/ Monitoring M Web security curity Vulnerability search onal es Patch counts Compliance ecurity Enforce/Inform M
Exclusive Networks Ltd, Alresford House, Mill Lane, Alton, GU34 2QJ Tel: 0845 521 7217 www.exclusive-networks.co.uk Page 10 Summary By adopting a CARM approach, channel partners are able to swiftly and confidently help customers identify, close and tighten up any security gaps, in their defences and reduce time to detect, react, mediate, analyse and learn. Customers move from a defensive posture to a more forward facing one and are able to: Rapidly detect, analyse, mitigate and resolve cyber breaches Achieve their unique digital business objectives and meet regulatory compliance Protect core data and infrastructure without slowing down the functioning of the business Gain real-time visibility and reaction to traditional and emerging threats Channel partners who have already adopted the CARM framework have benefited from an increase in customer facing time and a reduction in time and resource needed to audit, analyse, research and recommend solutions to customer security issues. Current partners have had the following experience and seen their customers realise significant business benefits.
Exclusive Networks Ltd, Alresford House, Mill Lane, Alton, GU34 2QJ Tel: 0845 521 7217 www.exclusive-networks.co.uk Page 11 CARM Vendors Exclusive Networks’ vendors undergo a stringent and ongoing evaluation of their technology and ability to work with the channel, to ensure channel partners are able to recommend and rely on the solutions and support delivered. The vendors that map to each of the key CARM components are: The Smart Route To Visibility™
Page 12 Exclusive Networks Ltd, Alresford House, Mill Lane, Alton, GU34 2QJ Tel: 0845 521 7217 www.exclusive-networks.co.uk The Reality Driving the Need for It has been mentioned already that there is a blizzard of facts, stats and prophecies that combine to create a climate of fear and uncertainty. It is the catalyst behind the CARM approach, and to reinforce why now is the time to take a CARM approach and move on from prevention base security. Here are some key trends and facts that are researched and credible that partners can share with their customers. EV 5 1. EVENTS OCCUR ERY SECOND MALWARE 206 DAYS THE AVERAGE TIME TO IDENTIFY AN ATTACK2. 50BILLIONÔTHINGSÕ CONNECTED TO THE INTERNET BY 20208. 59%OF ORGANISATIONS EXPECT THE NUMBER OF SECURITY INCIDENTS TO INCREASE NEXT YEAR 3. THOSE ON THE DIGITAL FRONTIER HAVE 2-3X FASTER PROFIT MARGIN GROWTH DIGITAL PUBLIC SECTOR CIOs EXPECT A RISE OF IN 2016 BY 35%7.PROCESSES WERE COMPROMISED MORE THAN A YEAR AFTER THE VULNERABILITY AND EXPOSURE WAS PUBLISHED1. OF EXPLOITED 99.9 % VULNERABILITIES THE AVERAGE LOSS FOR A OF 1,000 RECORDS IS BETWEEN $52,000 AND $87,000 1. BREACH FROM NOW UNITL 2020, THE DIGITAL UNIVERSE WILL DOUBLE EVERY TWO YEARS5. IN 82%OF INCIDENTSEND USER DEVICES WERE AN ISSUE 51% OF CIOs ARE CONCERNED THAT THE DIGITAL TORRENT IS COMING FASTER THAN THEY CAN COPE 4. DATAIN THE DIGITAL UNIVERSE THAT REQUIRES PROTECTION IS GROWING FASTER THAN THE DIGITAL UNIVERSE ITSELF 5. OF ORGANISATIONS HAD A SECURITY BREACHIN THE LAST YEAR RELATING TO3. SOCIAL NETWORK SITES 13% 1. Source: 2015 Data Breach Investigations Report, Verizon 2. Source: 2015 Cost of Data Breach Study: Global Analysis, Ponemon Institute, May 2015 3. Source: 2015 Information Security Breaches Survey Technical Report, HM Government 4. Source: Gartner, January 14 2014, Press Release

Recommended

The Digital Telecom. Security Services
The Digital Telecom. Security ServicesThe Digital Telecom. Security Services
The Digital Telecom. Security ServicesParviz Iskhakov, PhD
 
Assuring the Security of the Supply Chain - Designing best practices for cybe...
Assuring the Security of the Supply Chain - Designing best practices for cybe...Assuring the Security of the Supply Chain - Designing best practices for cybe...
Assuring the Security of the Supply Chain - Designing best practices for cybe...Ollie Whitehouse
 
2018 State of Cyber Resilience Insurance
2018 State of Cyber Resilience Insurance2018 State of Cyber Resilience Insurance
2018 State of Cyber Resilience InsuranceAccenture Insurance
 
The impact of a security breach on MSP's and their clients
The impact of a security breach on MSP's and their clientsThe impact of a security breach on MSP's and their clients
The impact of a security breach on MSP's and their clientsJose Lopez
 
Smart grid in the Critical National Infrastructure
Smart grid in the Critical National InfrastructureSmart grid in the Critical National Infrastructure
Smart grid in the Critical National InfrastructureOllie Whitehouse
 
16231
1623116231
16231James Grant
 
A case for Managed Detection and Response
A case for Managed Detection and ResponseA case for Managed Detection and Response
A case for Managed Detection and ResponseDigital Transformation EXPO Event Series
 
Professor Martin Gill, Director, Perpetuity Research
Professor Martin Gill, Director, Perpetuity Research Professor Martin Gill, Director, Perpetuity Research
Professor Martin Gill, Director, Perpetuity Research CSSaunders
 

Recommended

The Digital Telecom. Security Services
The Digital Telecom. Security ServicesThe Digital Telecom. Security Services
The Digital Telecom. Security ServicesParviz Iskhakov, PhD
 
Assuring the Security of the Supply Chain - Designing best practices for cybe...
Assuring the Security of the Supply Chain - Designing best practices for cybe...Assuring the Security of the Supply Chain - Designing best practices for cybe...
Assuring the Security of the Supply Chain - Designing best practices for cybe...Ollie Whitehouse
 
2018 State of Cyber Resilience Insurance
2018 State of Cyber Resilience Insurance2018 State of Cyber Resilience Insurance
2018 State of Cyber Resilience InsuranceAccenture Insurance
 
The impact of a security breach on MSP's and their clients
The impact of a security breach on MSP's and their clientsThe impact of a security breach on MSP's and their clients
The impact of a security breach on MSP's and their clientsJose Lopez
 
Smart grid in the Critical National Infrastructure
Smart grid in the Critical National InfrastructureSmart grid in the Critical National Infrastructure
Smart grid in the Critical National InfrastructureOllie Whitehouse
 
16231
1623116231
16231James Grant
 
A case for Managed Detection and Response
A case for Managed Detection and ResponseA case for Managed Detection and Response
A case for Managed Detection and ResponseDigital Transformation EXPO Event Series
 
Professor Martin Gill, Director, Perpetuity Research
Professor Martin Gill, Director, Perpetuity Research Professor Martin Gill, Director, Perpetuity Research
Professor Martin Gill, Director, Perpetuity Research CSSaunders
 
symc_annual2001
symc_annual2001symc_annual2001
symc_annual2001finance40
 
POV - Enterprise Security Canvas
POV - Enterprise Security CanvasPOV - Enterprise Security Canvas
POV - Enterprise Security CanvasRobert Greiner
 
What We Learned as the First and Best Customer of Symantec ATP
What We Learned as the First and Best Customer of Symantec ATPWhat We Learned as the First and Best Customer of Symantec ATP
What We Learned as the First and Best Customer of Symantec ATPSymantec
 
What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019Ulf Mattsson
 
Endpoint Detection and Response for Dummies
Endpoint Detection and Response for DummiesEndpoint Detection and Response for Dummies
Endpoint Detection and Response for DummiesLiberteks
 
Adam Palmer: Managing Advanced Cyber Threats for In-House Counsel
Adam Palmer: Managing Advanced Cyber Threats for In-House CounselAdam Palmer: Managing Advanced Cyber Threats for In-House Counsel
Adam Palmer: Managing Advanced Cyber Threats for In-House CounselAdam Palmer
 
Defense In-Depth
Defense In-DepthDefense In-Depth
Defense In-DepthWill Kelly
 
bsi-cyber-resilience-presentation
bsi-cyber-resilience-presentationbsi-cyber-resilience-presentation
bsi-cyber-resilience-presentationAjai Srivastava
 
The Charter of Trust
The Charter of TrustThe Charter of Trust
The Charter of TrustDefCamp
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'aFahmi Albaheth
 
SS7: 2G/3G's weakest link
SS7: 2G/3G's weakest linkSS7: 2G/3G's weakest link
SS7: 2G/3G's weakest linkPositiveTechnologies
 
Escrow Presentation2010
Escrow Presentation2010Escrow Presentation2010
Escrow Presentation2010simongreaves
 
How To Set Security Awareness Strategic Goals, KPIs and Metrics
How To Set Security Awareness Strategic Goals, KPIs and MetricsHow To Set Security Awareness Strategic Goals, KPIs and Metrics
How To Set Security Awareness Strategic Goals, KPIs and MetricsTerranova Security
 
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldRSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldEMC
 
Challenging Insecurity: A Roadmap to Cyber Confidence
Challenging Insecurity: A Roadmap to Cyber ConfidenceChallenging Insecurity: A Roadmap to Cyber Confidence
Challenging Insecurity: A Roadmap to Cyber ConfidenceS-RM Risk and Intelligence Consulting
 
Positive approach to security of Core networks
Positive approach to security of Core networksPositive approach to security of Core networks
Positive approach to security of Core networksPositiveTechnologies
 
What is cyber resilience?
What is cyber resilience?What is cyber resilience?
What is cyber resilience?Aaron Clark-Ginsberg
 
SS7: the bad neighbor you're stuck with during the 5G migration and far beyond
SS7: the bad neighbor you're stuck with during the 5G migration and far beyondSS7: the bad neighbor you're stuck with during the 5G migration and far beyond
SS7: the bad neighbor you're stuck with during the 5G migration and far beyondPositiveTechnologies
 
Edgescan vulnerability stats report 2020
Edgescan vulnerability stats report 2020Edgescan vulnerability stats report 2020
Edgescan vulnerability stats report 2020Eoin Keary
 
Lenguaje corporal
Lenguaje corporalLenguaje corporal
Lenguaje corporalramiro carrillo
 
Chapter 2
Chapter 2Chapter 2
Chapter 2ALEXISMORALES81
 
Fuzzy driver command interpreter
Fuzzy driver command interpreterFuzzy driver command interpreter
Fuzzy driver command interpreterprj_publication
 

More Related Content

What's hot

symc_annual2001
symc_annual2001symc_annual2001
symc_annual2001finance40
 
POV - Enterprise Security Canvas
POV - Enterprise Security CanvasPOV - Enterprise Security Canvas
POV - Enterprise Security CanvasRobert Greiner
 
What We Learned as the First and Best Customer of Symantec ATP
What We Learned as the First and Best Customer of Symantec ATPWhat We Learned as the First and Best Customer of Symantec ATP
What We Learned as the First and Best Customer of Symantec ATPSymantec
 
What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019Ulf Mattsson
 
Endpoint Detection and Response for Dummies
Endpoint Detection and Response for DummiesEndpoint Detection and Response for Dummies
Endpoint Detection and Response for DummiesLiberteks
 
Adam Palmer: Managing Advanced Cyber Threats for In-House Counsel
Adam Palmer: Managing Advanced Cyber Threats for In-House CounselAdam Palmer: Managing Advanced Cyber Threats for In-House Counsel
Adam Palmer: Managing Advanced Cyber Threats for In-House CounselAdam Palmer
 
Defense In-Depth
Defense In-DepthDefense In-Depth
Defense In-DepthWill Kelly
 
bsi-cyber-resilience-presentation
bsi-cyber-resilience-presentationbsi-cyber-resilience-presentation
bsi-cyber-resilience-presentationAjai Srivastava
 
The Charter of Trust
The Charter of TrustThe Charter of Trust
The Charter of TrustDefCamp
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'aFahmi Albaheth
 
Escrow Presentation2010
Escrow Presentation2010Escrow Presentation2010
Escrow Presentation2010simongreaves
 
How To Set Security Awareness Strategic Goals, KPIs and Metrics
How To Set Security Awareness Strategic Goals, KPIs and MetricsHow To Set Security Awareness Strategic Goals, KPIs and Metrics
How To Set Security Awareness Strategic Goals, KPIs and MetricsTerranova Security
 
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldRSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldEMC
 
Positive approach to security of Core networks
Positive approach to security of Core networksPositive approach to security of Core networks
Positive approach to security of Core networksPositiveTechnologies
 
SS7: the bad neighbor you're stuck with during the 5G migration and far beyond
SS7: the bad neighbor you're stuck with during the 5G migration and far beyondSS7: the bad neighbor you're stuck with during the 5G migration and far beyond
SS7: the bad neighbor you're stuck with during the 5G migration and far beyondPositiveTechnologies
 
Edgescan vulnerability stats report 2020
Edgescan vulnerability stats report 2020Edgescan vulnerability stats report 2020
Edgescan vulnerability stats report 2020Eoin Keary
 

What's hot (19)

symc_annual2001
symc_annual2001symc_annual2001
symc_annual2001
 
POV - Enterprise Security Canvas
POV - Enterprise Security CanvasPOV - Enterprise Security Canvas
POV - Enterprise Security Canvas
 
What We Learned as the First and Best Customer of Symantec ATP
What We Learned as the First and Best Customer of Symantec ATPWhat We Learned as the First and Best Customer of Symantec ATP
What We Learned as the First and Best Customer of Symantec ATP
 
What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019
 
Endpoint Detection and Response for Dummies
Endpoint Detection and Response for DummiesEndpoint Detection and Response for Dummies
Endpoint Detection and Response for Dummies
 
Adam Palmer: Managing Advanced Cyber Threats for In-House Counsel
Adam Palmer: Managing Advanced Cyber Threats for In-House CounselAdam Palmer: Managing Advanced Cyber Threats for In-House Counsel
Adam Palmer: Managing Advanced Cyber Threats for In-House Counsel
 
Defense In-Depth
Defense In-DepthDefense In-Depth
Defense In-Depth
 
bsi-cyber-resilience-presentation
bsi-cyber-resilience-presentationbsi-cyber-resilience-presentation
bsi-cyber-resilience-presentation
 
The Charter of Trust
The Charter of TrustThe Charter of Trust
The Charter of Trust
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
 
SS7: 2G/3G's weakest link
SS7: 2G/3G's weakest linkSS7: 2G/3G's weakest link
SS7: 2G/3G's weakest link
 
Escrow Presentation2010
Escrow Presentation2010Escrow Presentation2010
Escrow Presentation2010
 
How To Set Security Awareness Strategic Goals, KPIs and Metrics
How To Set Security Awareness Strategic Goals, KPIs and MetricsHow To Set Security Awareness Strategic Goals, KPIs and Metrics
How To Set Security Awareness Strategic Goals, KPIs and Metrics
 
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldRSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
 
Challenging Insecurity: A Roadmap to Cyber Confidence
Challenging Insecurity: A Roadmap to Cyber ConfidenceChallenging Insecurity: A Roadmap to Cyber Confidence
Challenging Insecurity: A Roadmap to Cyber Confidence
 
Positive approach to security of Core networks
Positive approach to security of Core networksPositive approach to security of Core networks
Positive approach to security of Core networks
 
What is cyber resilience?
What is cyber resilience?What is cyber resilience?
What is cyber resilience?
 
SS7: the bad neighbor you're stuck with during the 5G migration and far beyond
SS7: the bad neighbor you're stuck with during the 5G migration and far beyondSS7: the bad neighbor you're stuck with during the 5G migration and far beyond
SS7: the bad neighbor you're stuck with during the 5G migration and far beyond
 
Edgescan vulnerability stats report 2020
Edgescan vulnerability stats report 2020Edgescan vulnerability stats report 2020
Edgescan vulnerability stats report 2020
 

Viewers also liked

Fuzzy driver command interpreter
Fuzzy driver command interpreterFuzzy driver command interpreter
Fuzzy driver command interpreterprj_publication
 
5 multi robot path planning algorithms
5 multi robot path planning algorithms5 multi robot path planning algorithms
5 multi robot path planning algorithmsprj_publication
 
Bidirectional data centric routing protocol to improve the energy efficiency ...
Bidirectional data centric routing protocol to improve the energy efficiency ...Bidirectional data centric routing protocol to improve the energy efficiency ...
Bidirectional data centric routing protocol to improve the energy efficiency ...prj_publication
 
India general buget 2017-2018
India general buget 2017-2018India general buget 2017-2018
India general buget 2017-2018gowri sankar
 
AMIS SIG - Introducing Apache Kafka - Scalable, reliable Event Bus & Message ...
AMIS SIG - Introducing Apache Kafka - Scalable, reliable Event Bus & Message ...AMIS SIG - Introducing Apache Kafka - Scalable, reliable Event Bus & Message ...
AMIS SIG - Introducing Apache Kafka - Scalable, reliable Event Bus & Message ...Lucas Jellema
 
Theories of strong sustainability
Theories of strong sustainabilityTheories of strong sustainability
Theories of strong sustainabilityPrabha Panth
 
Proyecto alicia, muy importante para salvar el año version beta.docx
Proyecto alicia, muy importante para salvar el año version beta.docxProyecto alicia, muy importante para salvar el año version beta.docx
Proyecto alicia, muy importante para salvar el año version beta.docxAlicia Rodriguez
 
NOS DIVERTIMOS CREANDO POEMAS
NOS DIVERTIMOS CREANDO POEMASNOS DIVERTIMOS CREANDO POEMAS
NOS DIVERTIMOS CREANDO POEMASafcovelo15
 

Viewers also liked (14)

Lenguaje corporal
Lenguaje corporalLenguaje corporal
Lenguaje corporal
 
Chapter 2
Chapter 2Chapter 2
Chapter 2
 
Fuzzy driver command interpreter
Fuzzy driver command interpreterFuzzy driver command interpreter
Fuzzy driver command interpreter
 
5 multi robot path planning algorithms
5 multi robot path planning algorithms5 multi robot path planning algorithms
5 multi robot path planning algorithms
 
Bidirectional data centric routing protocol to improve the energy efficiency ...
Bidirectional data centric routing protocol to improve the energy efficiency ...Bidirectional data centric routing protocol to improve the energy efficiency ...
Bidirectional data centric routing protocol to improve the energy efficiency ...
 
Numerical investigation
Numerical investigationNumerical investigation
Numerical investigation
 
India general buget 2017-2018
India general buget 2017-2018India general buget 2017-2018
India general buget 2017-2018
 
AMIS SIG - Introducing Apache Kafka - Scalable, reliable Event Bus & Message ...
AMIS SIG - Introducing Apache Kafka - Scalable, reliable Event Bus & Message ...AMIS SIG - Introducing Apache Kafka - Scalable, reliable Event Bus & Message ...
AMIS SIG - Introducing Apache Kafka - Scalable, reliable Event Bus & Message ...
 
BFSI ATL Creds
BFSI ATL CredsBFSI ATL Creds
BFSI ATL Creds
 
ANSIL_CV-_II
ANSIL_CV-_IIANSIL_CV-_II
ANSIL_CV-_II
 
Theories of strong sustainability
Theories of strong sustainabilityTheories of strong sustainability
Theories of strong sustainability
 
Proyecto alicia, muy importante para salvar el año version beta.docx
Proyecto alicia, muy importante para salvar el año version beta.docxProyecto alicia, muy importante para salvar el año version beta.docx
Proyecto alicia, muy importante para salvar el año version beta.docx
 
NOS DIVERTIMOS CREANDO POEMAS
NOS DIVERTIMOS CREANDO POEMASNOS DIVERTIMOS CREANDO POEMAS
NOS DIVERTIMOS CREANDO POEMAS
 
AGRI & FOOD PROCESSING
AGRI & FOOD PROCESSINGAGRI & FOOD PROCESSING
AGRI & FOOD PROCESSING
 

Similar to CARMWhitepaper

How to assess your Cybersecurity Vulnerability_.pdf
How to assess your Cybersecurity Vulnerability_.pdfHow to assess your Cybersecurity Vulnerability_.pdf
How to assess your Cybersecurity Vulnerability_.pdfMetaorange
 
How to assess your Cybersecurity Vulnerability_.pptx
How to assess your Cybersecurity Vulnerability_.pptxHow to assess your Cybersecurity Vulnerability_.pptx
How to assess your Cybersecurity Vulnerability_.pptxMetaorange
 
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINALDefending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINALMichael Bunn
 
Frost & Sullivan 2015 North American Encrypted Network Security Solutions New...
Frost & Sullivan 2015 North American Encrypted Network Security Solutions New...Frost & Sullivan 2015 North American Encrypted Network Security Solutions New...
Frost & Sullivan 2015 North American Encrypted Network Security Solutions New...Unisys Corporation
 
Integrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessIntegrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessAyham Kochaji
 
FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – F.Lecocq – Digitr...
FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – F.Lecocq – Digitr...FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – F.Lecocq – Digitr...
FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – F.Lecocq – Digitr...FinTech Belgium
 
ICT eGuide: Switching foundation technology for better cyber security
ICT eGuide: Switching foundation technology for better cyber securityICT eGuide: Switching foundation technology for better cyber security
ICT eGuide: Switching foundation technology for better cyber securityNiamh Hughes
 
The Security Circle- Services Offered
The Security Circle- Services OfferedThe Security Circle- Services Offered
The Security Circle- Services OfferedRachel Anne Carter
 
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...Kaspersky
 
Clearswift f5 integration
Clearswift f5 integrationClearswift f5 integration
Clearswift f5 integrationMarco Essomba
 
EB - Five Forces That Drive a Successful Managed Security Services Offering -...
EB - Five Forces That Drive a Successful Managed Security Services Offering -...EB - Five Forces That Drive a Successful Managed Security Services Offering -...
EB - Five Forces That Drive a Successful Managed Security Services Offering -...ssuser2d55aa
 
Alarm & Patrol Services_ Safeguarding Your Property and Peace of Mind.docx
Alarm & Patrol Services_ Safeguarding Your Property and Peace of Mind.docxAlarm & Patrol Services_ Safeguarding Your Property and Peace of Mind.docx
Alarm & Patrol Services_ Safeguarding Your Property and Peace of Mind.docxvoltronoperations
 
Managed Detection and Response (MDR) Whitepaper
Managed Detection and Response (MDR) WhitepaperManaged Detection and Response (MDR) Whitepaper
Managed Detection and Response (MDR) WhitepaperMarc St-Pierre
 
SMS Security Unleashed: Your Toolkit for Bulletproof Fraud Detection!
SMS Security Unleashed: Your Toolkit for Bulletproof Fraud Detection!SMS Security Unleashed: Your Toolkit for Bulletproof Fraud Detection!
SMS Security Unleashed: Your Toolkit for Bulletproof Fraud Detection!SecurityGen1
 
Big Data Analytics Solutions
Big Data Analytics SolutionsBig Data Analytics Solutions
Big Data Analytics Solutionsharman041
 
Marlabs cyber threat management
Marlabs cyber threat managementMarlabs cyber threat management
Marlabs cyber threat managementRajendra Menon
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxwkyra78
 
1973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_151973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_15shed59
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityKaryl Scott
 
"Navigating the Cybersecurity Landscape: Identifying Your Ideal Service Provi...
"Navigating the Cybersecurity Landscape: Identifying Your Ideal Service Provi..."Navigating the Cybersecurity Landscape: Identifying Your Ideal Service Provi...
"Navigating the Cybersecurity Landscape: Identifying Your Ideal Service Provi...NDimensionZ Solutions
 

Similar to CARMWhitepaper (20)

How to assess your Cybersecurity Vulnerability_.pdf
How to assess your Cybersecurity Vulnerability_.pdfHow to assess your Cybersecurity Vulnerability_.pdf
How to assess your Cybersecurity Vulnerability_.pdf
 
How to assess your Cybersecurity Vulnerability_.pptx
How to assess your Cybersecurity Vulnerability_.pptxHow to assess your Cybersecurity Vulnerability_.pptx
How to assess your Cybersecurity Vulnerability_.pptx
 
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINALDefending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
 
Frost & Sullivan 2015 North American Encrypted Network Security Solutions New...
Frost & Sullivan 2015 North American Encrypted Network Security Solutions New...Frost & Sullivan 2015 North American Encrypted Network Security Solutions New...
Frost & Sullivan 2015 North American Encrypted Network Security Solutions New...
 
Integrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessIntegrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-Effectiveness
 
FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – F.Lecocq – Digitr...
FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – F.Lecocq – Digitr...FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – F.Lecocq – Digitr...
FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – F.Lecocq – Digitr...
 
ICT eGuide: Switching foundation technology for better cyber security
ICT eGuide: Switching foundation technology for better cyber securityICT eGuide: Switching foundation technology for better cyber security
ICT eGuide: Switching foundation technology for better cyber security
 
The Security Circle- Services Offered
The Security Circle- Services OfferedThe Security Circle- Services Offered
The Security Circle- Services Offered
 
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
 
Clearswift f5 integration
Clearswift f5 integrationClearswift f5 integration
Clearswift f5 integration
 
EB - Five Forces That Drive a Successful Managed Security Services Offering -...
EB - Five Forces That Drive a Successful Managed Security Services Offering -...EB - Five Forces That Drive a Successful Managed Security Services Offering -...
EB - Five Forces That Drive a Successful Managed Security Services Offering -...
 
Alarm & Patrol Services_ Safeguarding Your Property and Peace of Mind.docx
Alarm & Patrol Services_ Safeguarding Your Property and Peace of Mind.docxAlarm & Patrol Services_ Safeguarding Your Property and Peace of Mind.docx
Alarm & Patrol Services_ Safeguarding Your Property and Peace of Mind.docx
 
Managed Detection and Response (MDR) Whitepaper
Managed Detection and Response (MDR) WhitepaperManaged Detection and Response (MDR) Whitepaper
Managed Detection and Response (MDR) Whitepaper
 
SMS Security Unleashed: Your Toolkit for Bulletproof Fraud Detection!
SMS Security Unleashed: Your Toolkit for Bulletproof Fraud Detection!SMS Security Unleashed: Your Toolkit for Bulletproof Fraud Detection!
SMS Security Unleashed: Your Toolkit for Bulletproof Fraud Detection!
 
Big Data Analytics Solutions
Big Data Analytics SolutionsBig Data Analytics Solutions
Big Data Analytics Solutions
 
Marlabs cyber threat management
Marlabs cyber threat managementMarlabs cyber threat management
Marlabs cyber threat management
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docx
 
1973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_151973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_15
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber Security
 
"Navigating the Cybersecurity Landscape: Identifying Your Ideal Service Provi...
"Navigating the Cybersecurity Landscape: Identifying Your Ideal Service Provi..."Navigating the Cybersecurity Landscape: Identifying Your Ideal Service Provi...
"Navigating the Cybersecurity Landscape: Identifying Your Ideal Service Provi...
 

CARMWhitepaper

  • 1. Next Generation, Profitable, Security Begins With a CARM Approach
  • 2. Exclusive Networks Ltd, Alresford House, Mill Lane, Alton, GU34 2QJ Tel: 0845 521 7217 www.exclusive-networks.co.uk Page 2 Ever more alarming ‘facts’ about the heightened risks of the digital environment, a security landscape built on prevention, and the reality of breaches becoming more widespread and likely. The CARM approach from Exclusive Networks allows channel partners to swiftly identify gaps in customer security, provides complementary solutions that deliver effective, integrated, and sustainable security against known, advanced and evolving threats, realising significant business gains in the process.
  • 3. Exclusive Networks Ltd, Alresford House, Mill Lane, Alton, GU34 2QJ Tel: 0845 521 7217 www.exclusive-networks.co.uk Page 3 Introduction Because the pace of change in the digital world is ever increasing, it is widely recognised and commented on, that the rate, variety and severity of cyberattacks is increasing either in step, or more worryingly, ahead of the ability of organisations to maintain a secure digital presence. Accepting a security breach rather than simply trying to prevent it is the new norm. This presents a huge challenge to organisations with systems built around prevention and perimeter defence, a challenge amplified by new compliance requirements. Questions we ask ourselves: What to invest in and divest of? Where are attacks likely to come from? What’s our security legacy? Where is our soft-spot? What compliance regulations to meet? What, critically, is coming down the barrel next? There is a lot of general information and guidance, much government generated, about what organisations should do and a blizzard of scaremongering and ‘essential’ advice often frightening organisations into action, that whilst might address a particular element of the security landscape, rarely provides a complete picture. What is less clear is how to develop a strategy for dealing with today’s threats, what to do when breached and safeguarding against tomorrow’s emerging threats. Factor in the difficulty of knowing whose solutions to deploy out of the thousands on the market and what works best with what and the picture becomes very complex and only serves to ratchet up the fear factor. For channel partners, the demands from customers increase in line with their need and perception of risk and the onus to research, test, deploy and support solutions right for each and every one of their customers across the security spectrum, without taking unnecessary risks, becomes white hot. Where to turn to for researched, objective, proven & channel friendly solutions that address the complete security need, provide partners with complementary revenue streams and significantly reduce their operational costs? The answer: CARM – Cyber Attack Remediation and Mitigation provides channel partners with the framework and tools to confidently identify gaps in their customers’ security regime, how to most effectively close them and tighten their security policies to ensure compliance. CARM applies to customers of all sizes, in all markets irrespective of their current security profile and incorporates best-of-breed vendor solutions.
  • 4. Exclusive Networks Ltd, Alresford House, Mill Lane, Alton, GU34 2QJ Tel: 0845 521 7217 www.exclusive-networks.co.uk Page 4 A CARM Approach is a Controlled Approach CARM is built around the central tenet that in today’s world, cybersecurity, to be effective, needs to deal with more than prevention and perimeter security, it has to factor in the expectation that a breach will occur. At the heart of the CARM concept and framework is the ability to deliver an integrated security capability built around the three core axes of: This then provides the route to create an effective, integrated and complete security system across all platforms within all organisations. It is also scalable and recognising that one size doesn’t fit all, provides solutions relevant to the circumstances and requirements of each customer, dovetailing with existing customer security systems. CARM allows customers to tailor their security requirement and select vendors and technologies from each of the axes to fill any gaps in their current security capabilities and importantly, in accordance to the level of their security need – Essential, Core or Advanced.
  • 5. Exclusive Networks Ltd, Alresford House, Mill Lane, Alton, GU34 2QJ Tel: 0845 521 7217 www.exclusive-networks.co.uk Page 5 Find the Gaps It’s critical to point out that CARM is not a product or a marketing programme. The CARM framework allows channel partners to evaluate customers’ current security capabilities, identify potential gaps and show how a strategic end-to-end cybersecurity framework turns cybersecurity from a reactive posture into a pro-active, controlled operation across customers’ businesses and in doing so, realising significant benefits for them: For channel partners the advantages of embracing CARM are many. The vendor solutions within the three core axes are at the forefront of their field and have had the relevant level of due diligence, research and testing done by Exclusive Networks to ensure they are effective, work together and are fully committed to the channel. With the heavy lifting of key technology and vendor evaluation done, partners can access emerging technologies relatively risk free and have business issues like the compromise between security and putting the brakes on business operation and agility already considered and covered. This in turn frees up their time to be more customer focused and concentrate on delivering the benefits their customers need to maintain and grow their online and digital presence and ultimately, their competitive edge. Delivers threat landscape security - current and emerging Ensures compliance to current and future regulation Reduces reactivity and time to detect, react and mitigate Improves uptime, and hence productivity and profit in the short term and customer loyalty and growth prospects in the long-term Raises their security capabilities Increases control and understanding
  • 6. Exclusive Networks Ltd, Alresford House, Mill Lane, Alton, GU34 2QJ Tel: 0845 521 7217 www.exclusive-networks.co.uk Page 6 Essential Elements of Complete Security With past security systems being either completely or predominantly focused on prevention there is a truism, borne out in research, that if an attack succeeds and a breach occurs then most organisations will be woefully unprepared for what to do in the event of this. It has been the case for the last few years that there is a considerable and potential business limiting gap, between the time to compromise or breach and the time to detect and respond. Typically a compromise will happen in minutes, whereas a detection and response time is at best in days, most often in in weeks and at worst in months. One report showed the typical detection gap to be 146 days, or over four months. As stressed, CARM is predicated on the fact that given an attacker needs to get lucky only once then organisations with an effective security system need to be lucky all the time. CARM integrates the three axes of Prevention, Detection and Reaction into a security life-cycle and assuming that on occasion the attacker will be successful at beating prevention mechanisms, is ready armed to significantly reduce any detection and reaction gaps.
  • 7. Exclusive Networks Ltd, Alresford House, Mill Lane, Alton, GU34 2QJ Tel: 0845 521 7217 www.exclusive-networks.co.uk Page 7 Mind all the Gaps Each axis contains proven vendor solutions that are focused on the key attack types and their nature. All work together and as already mentioned, can be deployed in conjunction with a customer’s existing legacy security regime, all together, or only the element required – it is all driven by customer situation and need. The functional security areas addressed by each axis are: Endpoint Respons Network Response SIEM PREVENTION the ability to defend: NG Firewall Platform PIM Endpoint Protection Vulnerability Assessment and Patch Management Encryption Email Protection Key Generation and Management Web Application Firewall Privilege Access Management Cloud Access Security Brokerage File Access and MDM Distributed Denial of Service Mobile Security Strong Authentication NG Firewall Platform Network Packet Caputre Endpoint Response Strong Authentication Virtual Execution (sandbox) PIM Email Protection Encryption Web Application Firewall User Entity Behaviour Analytics Cloud Access Security Brokerage Privilege Access Management Distributed Denial of Service File Access and MDM SIEM Mobile Security DETECTION the ability to identify and respond: REACTION the ability to remediate and forensically investigate:
  • 8. Exclusive Networks Ltd, Alresford House, Mill Lane, Alton, GU34 2QJ Tel: 0845 521 7217 www.exclusive-networks.co.uk Page 8 NG FireWall Platform EndPoint Protection Email Protection Encryption Firewall General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Security Delivery WIFI Mobile SIEM Web security DDOS Discovery Analytics Email security Vulnerability search Identity Password/Access Security tools Professional services Patch Integration Key logging Restrictions Service accounts Compliance Import/Export Email Session recording General security Enforce/Inform Forensics Session recording Money End point Response SIEM General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring ivery WIFI Mobile SIEM Web security Discovery Analytics Email security Vulnerability search Password/Access Security tools Professional services Patch on Key logging Restrictions Service accounts Compliance port Email Session recording General security Enforce/InformSession recording etect y ons Encryption Servailance/ Monitoring SIEM Web security s Email security Vulnerability search ools Professional services Patch ns Service accounts Compliance EESSSENTIALL CCOORREE Firewall General PC Security Delivery WI DDOS Disco Identity Password Integration Key log Import/Export Em Forensics Mon tect y ons Encryption Servailance/ Monitoring SIEM Web security s Email security Vulnerability search ools Professional services Patch ns Service accounts Compliance ording General security Enforce/Informording ponse SIEM Firewall General PC security Intursion d securi Security ic Security Delivery WIFI Mobile DDOS Discovery Analyti Identity Password/Access Security t Integration Key logging Restricti Import/Export Email Session rec Forensics Session rec Money End point Res Firewall General PC security Intursion detect security Security icons Encrypt Security Delivery WIFI Mobile SIEM DDOS Discovery Analytics Email sec Identity Password/Access Security tools Professio service Integration Key logging Restrictions Service acc Import/Export Email Session recording General se Forensics Session recording Money End point Response SIEM Web Application Firewall EndPoint Response SIEM Virtual Execution (sandbox) Distributed Denial of Services Privilege Access Management Strong Authentication PIM Vulnerability Assessment and Patch Management Key Generation and Management User Entity Behaviour Analytics Mobile Security Network Plumbing Firewall General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Security Delivery WIFI Mobile SIEM Web security DDOS Discovery Analytics Email security Vulnerability search Identity Password/Access Security tools Professional services Patch Integration Key logging Restrictions Service accounts Compliance Import/Export Email Session recording General security Enforce/Inform Forensics Session recording Money End point Response SIEM Firewall General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Security Delivery WIFI Mobile SIEM Web security DDOS Discovery Analytics Email security Vulnerability search Identity Password/Access Security tools Professional services Patch Integration Key logging Restrictions Service accounts Compliance Import/Export Email Session recording General security Enforce/Inform Forensics Session recording Money End point Response SIEM Firewall General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Security Delivery WIFI Mobile SIEM Web security DDOS Discovery Analytics Email security Vulnerability search Identity Password/Access Security tools Professional services Patch Integration Key logging Restrictions Service accounts Compliance Firewall General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Security Delivery WIFI Mobile SIEM Web security DDOS Discovery Analytics Email security Vulnerability search Identity Password/Access Security tools Professional services Patch Integration Key logging Restrictions Service accounts Compliance Import/Export Email Session recording General security Enforce/Inform Forensics Session recording Money End point Response SIEM Firewall General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Security Delivery WIFI Mobile SIEM Web security DDOS Discovery Analytics Email security Vulnerability search Identity Password/Access Security tools Professional services Patch Integration Key logging Restrictions Service accounts Compliance Import/Export Email Session recording General security Enforce/Inform Forensics Session recording Money End point Response SIEM Firewall General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Security Delivery WIFI Mobile SIEM Web security DDOS Discovery Analytics Email security Vulnerability search Identity Password/Access Security tools Professional services Patch Integration Key logging Restrictions Service accounts Compliance Import/Export Email Session recording General security Enforce/Inform Forensics Session recording Money End point Response SIEM Firewall General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Security Delivery WIFI Mobile SIEM Web security DDOS Discovery Analytics Email security Vulnerability search Identity Password/Access Security tools Professional services Patch Integration Key logging Restrictions Service accounts Compliance Import/Export Email Session recording General security Enforce/Inform Forensics Session recording Money End point Response SIEM Firewall General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Security Delivery WIFI Mobile SIEM Web security DDOS Discovery Analytics Email security Vulnerability search Identity Password/Access Security tools Professional services Patch Integration Key logging Restrictions Service accounts Compliance Import/Export Email Session recording General security Enforce/Inform Forensics Session recording Money End point Response SIEM Firewall General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Security Delivery WIFI Mobile SIEM Web security DDOS Discovery Analytics Email security Vulnerability search Identity Password/Access Security tools Professional services Patch Integration Key logging Restrictions Service accounts Compliance Import/Export Email Session recording General security Enforce/Inform Forensics Session recording Money End point Response SIEM Firewall General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Security Delivery WIFI Mobile SIEM Web security DDOS Discovery Analytics Email security Vulnerability search Identity Password/Access Security tools Professional services Patch Integration Key logging Restrictions Service accounts Compliance Import/Export Email Session recording General security Enforce/Inform Forensics Session recording Money End point Response SIEM Firewall General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Security Delivery WIFI Mobile SIEM Web security DDOS Discovery Analytics Email security Vulnerability search Identity Password/Access Security tools Professional services Patch Integration Key logging Restrictions Service accounts Compliance Import/Export Email Session recording General security Enforce/Inform Forensics Session recording Money End point Response SIEM Firewall General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Security Delivery WIFI Mobile SIEM Web security DDOS Discovery Analytics Email security Vulnerability search Identity Password/Access Security tools Professional services Patch Integration Key logging Restrictions Service accounts Compliance Import/Export Email Session recording General security Enforce/Inform Forensics Session recording Money End point Response SIEM Firewall General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Security Delivery WIFI Mobile SIEM Web security DDOS Discovery Analytics Email security Vulnerability search Identity Password/Access Security tools Professional services Patch Integration Key logging Restrictions Service accounts Compliance Import/Export Email Session recording General security Enforce/Inform Forensics Session recording Money End point Response SIEM Firewa Security D DDOS Identit Integrat Import/Ex Forens Firewall General PC security Intursion detect security Security icons Encrypt Security Delivery WIFI Mobile SIEM DDOS Discovery Analytics Email sec Identity Password/Access Security tools Professio service Integration Key logging Restrictions Service acc Import/Export Email Session recording General se Forensics Session recording Money End point Response SIEM Minding All the Gaps, All the Time The CARM framework delivers the pathway for channel partners to close any gaps their customers may have and deliver replacement or complementary security solutions relevant to each one. However, circumstances change, either in customers’ businesses and markets, regulatory frameworks, solution technologies and most importantly, the nature of attacks and their vectors. CARM solutions and vendors are continuously monitored in terms of suitability and effectiveness and updated to ensure that customers have the most effective technologies to hand. Should the security needs of customers change, then CARM can help identify new gaps and determine a security pathway to ensure there is a solution ready to implement seamlessly, to meet these needs and for each of the three axes. The Security Adoption Curve delivers appropriate security according to need and highlights what is required to go to the next security level.
  • 9. Exclusive Networks Ltd, Alresford House, Mill Lane, Alton, GU34 2QJ Tel: 0845 521 7217 www.exclusive-networks.co.uk Page 9 For more information visit www.exclusive-networks.co.uk EndPoint Response Cloud Access Security Brokerage File Access and MDM Network Packet Capture Network Response ADVAVAV NCED C security Intursion detect security Security icons Encryption Servailance/ Monitoring IFI Mobile SIEM Web security overy Analytics Email security Vulnerability search d/Access Security tools Professional services Patch gging Restrictions Service accounts Compliance mail Session recording General security Enforce/InformSession recording ney End point Response SIEM detect ity cons Encryption Servailance/ Monitoring e SIEM Web security ics Email security Vulnerability search tools Professional services Patch ions Service accounts Compliance cording General security Enforce/Informcording sponse SIEM tion Servailance/ Monitoring M Web security curity Vulnerability search onal es Patch counts Compliance ecurity Enforce/Inform M all General PC security Intursion detect security Security icons Encryption Servailance/ Monitoring Delivery WIFI Mobile SIEM Web security S Discovery Analytics Email security Vulnerability search ty Password/Access Security tools Professional services Patch tion Key logging Restrictions Service accounts Compliance xport Email Session recording General security Enforce/Inform sics Session recording Money End point Response SIEM tion Servailance/ Monitoring M Web security curity Vulnerability search onal es Patch counts Compliance ecurity Enforce/Inform M
  • 10. Exclusive Networks Ltd, Alresford House, Mill Lane, Alton, GU34 2QJ Tel: 0845 521 7217 www.exclusive-networks.co.uk Page 10 Summary By adopting a CARM approach, channel partners are able to swiftly and confidently help customers identify, close and tighten up any security gaps, in their defences and reduce time to detect, react, mediate, analyse and learn. Customers move from a defensive posture to a more forward facing one and are able to: Rapidly detect, analyse, mitigate and resolve cyber breaches Achieve their unique digital business objectives and meet regulatory compliance Protect core data and infrastructure without slowing down the functioning of the business Gain real-time visibility and reaction to traditional and emerging threats Channel partners who have already adopted the CARM framework have benefited from an increase in customer facing time and a reduction in time and resource needed to audit, analyse, research and recommend solutions to customer security issues. Current partners have had the following experience and seen their customers realise significant business benefits.
  • 11. Exclusive Networks Ltd, Alresford House, Mill Lane, Alton, GU34 2QJ Tel: 0845 521 7217 www.exclusive-networks.co.uk Page 11 CARM Vendors Exclusive Networks’ vendors undergo a stringent and ongoing evaluation of their technology and ability to work with the channel, to ensure channel partners are able to recommend and rely on the solutions and support delivered. The vendors that map to each of the key CARM components are: The Smart Route To Visibility™
  • 12. Page 12 Exclusive Networks Ltd, Alresford House, Mill Lane, Alton, GU34 2QJ Tel: 0845 521 7217 www.exclusive-networks.co.uk The Reality Driving the Need for It has been mentioned already that there is a blizzard of facts, stats and prophecies that combine to create a climate of fear and uncertainty. It is the catalyst behind the CARM approach, and to reinforce why now is the time to take a CARM approach and move on from prevention base security. Here are some key trends and facts that are researched and credible that partners can share with their customers. EV 5 1. EVENTS OCCUR ERY SECOND MALWARE 206 DAYS THE AVERAGE TIME TO IDENTIFY AN ATTACK2. 50BILLIONÔTHINGSÕ CONNECTED TO THE INTERNET BY 20208. 59%OF ORGANISATIONS EXPECT THE NUMBER OF SECURITY INCIDENTS TO INCREASE NEXT YEAR 3. THOSE ON THE DIGITAL FRONTIER HAVE 2-3X FASTER PROFIT MARGIN GROWTH DIGITAL PUBLIC SECTOR CIOs EXPECT A RISE OF IN 2016 BY 35%7.PROCESSES WERE COMPROMISED MORE THAN A YEAR AFTER THE VULNERABILITY AND EXPOSURE WAS PUBLISHED1. OF EXPLOITED 99.9 % VULNERABILITIES THE AVERAGE LOSS FOR A OF 1,000 RECORDS IS BETWEEN $52,000 AND $87,000 1. BREACH FROM NOW UNITL 2020, THE DIGITAL UNIVERSE WILL DOUBLE EVERY TWO YEARS5. IN 82%OF INCIDENTSEND USER DEVICES WERE AN ISSUE 51% OF CIOs ARE CONCERNED THAT THE DIGITAL TORRENT IS COMING FASTER THAN THEY CAN COPE 4. DATAIN THE DIGITAL UNIVERSE THAT REQUIRES PROTECTION IS GROWING FASTER THAN THE DIGITAL UNIVERSE ITSELF 5. OF ORGANISATIONS HAD A SECURITY BREACHIN THE LAST YEAR RELATING TO3. SOCIAL NETWORK SITES 13% 1. Source: 2015 Data Breach Investigations Report, Verizon 2. Source: 2015 Cost of Data Breach Study: Global Analysis, Ponemon Institute, May 2015 3. Source: 2015 Information Security Breaches Survey Technical Report, HM Government 4. Source: Gartner, January 14 2014, Press Release