Effective security monitoring mp 2014


The best tool to prevent hacking.

Speaker notes
  • Thank you once again for taking time out of your busy schedule to meet with us today. Let me take a moment to introduce everyone on the call. On the EiQ side I am Jane Doe and will serve as your account manager. (We also have John Doe, who is my Team Lead and will cover the presentation today, and) Bob Smith, the Solution Engineer, who will demonstrate our solution and address any technical questions you may have. Could you take a moment to introduce the ACME Corp. team?
    CUSTOMER: [introduces all of their members and roles/responsibilities]
    ISR: Ok, great… Thank you. And just to confirm, is everyone able to be with us for the entire 30-minute session today?
    CUSTOMER: Yes
    ISR: Great! Thanks Jane! Today’s presentation is centered on how EiQ is enabling organizations like [insert company] with an effective and proven security program based on industry best practices to address security monitoring and compliance challenges. First I would like to recap the challenges that you mentioned you would like to address.
  • Prep call challenges captured here – THIS SLIDE NEEDS TO BE UPDATED BASED ON PREP CALL PRIOR TO THE DEMO CALL
    When we last spoke you stated that [company name] is looking for a Security Monitoring solution to detect breaches and identify threats, and for Log Management and SIEM to ensure you are meeting PCI-DSS [or replace with other applicable compliance need such as HIPAA, GLBA, etc.] compliance needs, and that this project has been approved and funded for implementation by [X] date. Is that still the case?
    CUSTOMER: Yes
    ISR: Excellent! Let’s start by looking at the threat landscape.
    CUSTOMER: Sounds good.
  • In spite of deploying signature-based security solutions like Firewalls, Anti-Virus, Anti-Spam and IPS, every day a new story hits the news about how companies of all sizes are becoming victims of targeted attacks. It is also common to find that a majority of these companies are compliant with industry regulations, yet are still breached. Target, Neiman Marcus and Hannaford are prime examples.
    Research shows that every organization is either already breached or is going to be breached. According to the 2013 Verizon Data Breach Investigations Report, almost no organization, including small businesses, is immune to security breaches.
    The two questions you have to ask yourself are: “How will you know when a breach happens to your organization, and what will be the impact?” The Verizon DBIR strongly recommends that companies implement a comprehensive security program based on the SANS Critical Security Controls to improve cyber defenses.
  • Based on industry research and our experience in dealing with some of the largest organizations in the world, an effective security program should include a delicate balance of process, technology and people:
    Process – The process should allow you to manage your IT infrastructure based on industry best practices and deliver continuous visibility into your security posture.
    Technology – Technology should automate the implementation of security best practices and the identification of potential problem areas, while providing guidance on the appropriate remediation actions in order to minimize risks.
    People – A successful security program must have dedicated security staff with knowledge of the current threat landscape and the expertise to address issues as they arise.
    Your end goal should be a well-thought-out information security program that addresses the challenges discussed earlier.
  • Now let’s take a look at how EiQ is helping organizations like yours put process, technology and people in place, utilizing a unique service offering called SOCVue.
    Process: The cornerstone of EiQ’s SOCVue service offering is a well-thought-out process. This includes:
      – Continuous assessment of your IT infrastructure against the SANS Critical Security Controls. As part of this process we will deliver a concise daily and monthly report on how you fare against the SANS CSC in a simple-to-understand Red/Yellow/Green dashboard. We will identify items such as: inventory of authorized and unauthorized nodes on your network; inventory of authorized and unauthorized software on your network; vulnerable nodes on your network; malware defenses, etc.
      – 24x7 security monitoring, identification and prioritization of critical issues, along with guidance on how to address them
      – Daily reporting summarizing the issues of the day
      – Monthly reporting summarizing the issues of the month as well as compliance needs such as PCI, HIPAA, GLBA, etc.
    Technology: EiQ’s solution, called SecureVue, is deployed on-premise, thus allowing you to keep all of your sensitive data within your control. Key modules include Log Management & Security Monitoring, Compliance Reporting, Forensic Analysis and Critical Security Control (CSC) automation. With EiQ, organizations will understand what is on the network, whether IT systems are secure, the important areas of concern, and what to do when security incidents are detected.
    People: Through EiQ’s one-of-a-kind SOCVue service, EiQ’s security analysts will remotely monitor and manage your environment. They will provide 24x7 monitoring, continuous fine-tuning of alerts and correlation rules, and analysis of your security data to help detect suspicious activity and provide remediation guidance. The EiQ SOC Team will become an extension of your security team.
    The entire program is available via a low-cost monthly subscription.
  • What does this mean for you? The EiQ security offering has become the information security hub for our customers, and you will receive the following deliverables. After this slide, we will demonstrate the interaction for each of these deliverables that our customers receive from our SOC Team.
    Key deliverables of the SOCVue service include:
      – Through advanced correlation and analysis of security data, and real-time alerting (our secret sauce, the culmination of years of expertise and knowledge housed collectively by our SOC and R&D teams), the team configures and fine-tunes the SecureVue solution to provide timely detection, notification and documented remediation guidance for relevant security issues that are most likely unknown today.
      – Detailed daily and monthly reports that drive continuous improvement of the security infrastructure, as well as compliance reports that can be used internally or externally to assist with industry-specific regulations such as PCI, HIPAA, GLBA, etc.
      – On-demand investigative analysis: should an important security event occur, or simply a policy or HR violation, our SOC team can provide full context and guidance around the incident in question.
      – And last, and most importantly, you will receive a daily report on how your environment is faring against security best practices, giving you an ongoing assessment of the most important critical security controls and guidance on how to address problem areas.
    Now we will show you examples of these SOCVue deliverables so you can get a feel for what the interaction with EiQ’s SOCVue team is like. Any questions before we demonstrate the deliverables?
  • We believe it is important for you to understand what the SOCVue service delivers, and therefore Chris Cook, our Solution Engineer, will now take you through what we like to refer to as “The SOCVue Experience”. It will give you a true feel for what to expect from the service.
    ----------- [Hand over to Chris Cook]
    As [ISR Name] mentioned, our solution is made up of 2 major components:
      – EiQ SOCVue®: the SOCVue service is a subscription-based offering which enables the EiQ SOC team of security experts to serve as an extension of your team. SOCVue enables EiQ Security Analysts to remotely manage the on-premise SecureVue® implementation. It provides 24x7 security monitoring and automated SANS Critical Security Controls assessment.
      – EiQ Security Analysts: the EiQ SOC Team consists of security analysts who are certified security and product engineers. This team will continuously monitor and notify you of potential issues. This team also researches issues as they arise and provides you with remediation guidance.
    With that said, let’s explore what the deliverables are with the SOCVue Experience.
  • The Core Service Deliverables of the SOCVue service are:
      – Events of Interest Monitoring & Incident Management; which focuses on ……. [walk through the Sample ALERT NOTIFICATION email and remediation guidance]
      – Daily Security Snapshot; this is a daily report you will receive which….. [walk through the Sample DAILY REPORT and remediation guidance]
      – Monthly Summary Reporting of Security Concerns; …. [walk through the Sample MONTHLY REPORT and remediation guidance]
      – Monthly Solution Health Review; ….. [talk about it briefly]
      – Investigations; …. [talk about Forensic Analysis briefly]
      – PCI-DSS Compliance Report (select the appropriate Compliance Report based on customer challenges); …… [walk through the Sample PCI-DSS REPORT]
      – 1-on-1; …. [briefly describe this]
    Mr/Mrs [customer], do you have any questions before I hand it off to [ISR Name]?
  • Thanks Chris. In summary, as you can see, EiQ provides the process, technology and people to implement an effective cyber security program. As Chris demonstrated, we help you address all the challenges you mentioned. We also address them in a cost-effective fashion through subscription pricing.
    As a next step, we offer a free 2-week SOCVue trial where we can implement SOCVue in your environment, and you can get a feel for what a relationship with EiQ would be like. When should we set that up?
Slides

    1. Effective Cyber Security Monitoring & Compliance
       by Ricardo Resnik, MultiPoint Ltd., April 2014
    2. Your Challenges
       • Threat identification?
       • Data breach detection?
       • 24x7 security monitoring?
       • Compliance?
    3. Threat Landscape
       • Advanced Persistent Threats target every industry
       • Companies of all sizes are at risk
       • Attacks compromise valuable trade secrets, financial & customer data
       • Near impossible to discover without a finger on the pulse
       • 66% of breaches take months or more to discover (Source: Verizon DBIR 2013)
       “[This] isn't the first company to be breached after getting a clean bill of health for PCI compliance, and it won't be the last.” – Bank Info Security, February 2013
       “Top three recent [healthcare] data breaches affected about 1.3 million people” – Health IT Security, July 2013
       “A data breach investigations report from Verizon, released Tuesday, showed that small businesses continue to be the most victimized of all companies.” – CNN, April 2013
    4. What is an effective security program?
       • Process – A set of processes and best practices developed and implemented
         – Based on industry standards
       • Technology – Immediate and comprehensive visibility into the “Threat”
         – Remove silos and connect the dots
       • People – Trained, experienced Information Security professionals
         – Must be operational 24x7
    5. What EiQ’s SOCVue Delivers:
       • Process – SANS Critical Security Controls Automation
         – Continuously analyze your IT environment against security best practices
         – Identify weak links in your security posture
       • Technology – EiQ SecureVue
         – Log Management & Security Monitoring
         – Correlation & Forensic Analysis
         – Compliance Reporting
         – Asset Discovery
       • People – EiQ SOCVue Service
         – Certified Security & Product engineers
         – 24x7 Monitoring
         – Alert Notification and Remediation Guidance
         – On-Demand Investigation
         – Daily/Monthly Reporting
    6. The Value of EiQ SOCVue
       • Timely Notification of Security Incidents & Remediation Guidance
         – Malware
         – Attacks
         – IP Spoofing
         – Excessive traffic
         – Unapproved traffic
         – Behavior anomaly
         – Policy violation
         – Failed event collection
       • Ongoing Critical Security Control Assessment
         – No unknown assets
         – No unapproved software/ports/protocols
         – Anti-malware in place
         – Vulnerabilities are addressed
         – Proper logging in place
       • Security & Compliance Reporting & On-Demand Investigations
         – PCI
         – HIPAA
         – GLBA
         – NIST
         – On-Demand Investigations
    7. The SOCVue Experience
       • EiQ SOCVue® – A subscription-based service that enables EiQ Security Analysts to remotely manage the on-premise SecureVue® implementation.
       • EiQ Security Analysts – The EiQ SOC Team consists of security analysts who are certified security & product engineers. This team will continuously monitor and notify you of potential issues.
    8. Service Offering – Core Service Features
       • Service Includes
         – Events of Interest Monitoring & Incident Management
         – Daily Reporting
         – Daily Solution Health Snapshot
         – Monthly Summary Reporting of Security Concerns
         – Monthly Solution Health Review
         – Up to 2 Investigation Requests per Month
         – One-on-One Review Session Once a Month
    9. Summary
       • We address all your challenges
       • Next Steps
         – SOCVue Evaluation
         – Trial Date