New Net Technologies

New Net Technologies P&O Ferries

The Art of Layered Security

Regardless of which industry you operate within, data security is important for the health of your business and its reputation. With increasingly sophisticated attacks from malware, as well as determined insiders knowing ‘how to operate within the rules’ to avoid detection, IT security teams are facing an overwhelming set of dangerous security challenges.

In external attacks in 2011, hacking appeared in 81% of breaches and malware appeared in 69%. (Verizon data breach report 2012)

To take a firm stance against these threats, the more forward-thinking companies are starting to adopt a ‘layered and integrated approach’ to security, and it’s these organizations that are starting to see the most benefit in protecting their IT infrastructure against both internal and external threats, whilst maintaining their compliance obligations.

Defending against evolving cyber threats

There is an art and a skill to building an effective security framework, which requires a process, methodology and a set of tools that are right for your environment. The ‘art’ of good security and compliance requires an integrated and layered approach that can continuously monitor and quantify all system activity in real-time to identify potential risks and threats from both internal and external sources. Just buying the tools that tick the prescribed boxes isn’t enough – put simply, no one technology will protect against the range of threats to sensitive data, be it cardholder details, personal information, intellectual property or financial intelligence.
By utilizing an intelligent, layered approach to the process, methodology, tools and technology selection (as a reasonable minimum this will likely include: Perimeter Security, Firewall, Intrusion Detection, Penetration & Vulnerability Testing, Anti-Virus, Patch Management, Device Hardening, Change & Configuration Management, File Integrity Monitoring, Security Information and Event Log Management), it is entirely possible to build an approach where all aspects work together to provide the security needed to effectively and efficiently protect your environment and at all times ensure a secure and compliant state.

Layered security is essential; without it the IT infrastructure is vulnerable:

• Firewall technology won’t defend your IT estate against cyber-attacks originating from internal staff
• Fundamentally hardened and secure hosts/file systems will serve to protect data but only if well-managed patching and change management processes are observed
• Checks and balances to all security layers can be automated using File Integrity Monitoring and Event Log Analysis
• Signature-based technologies such as Anti-Virus and Intrusion Protection are universally used security measures, but neither is effective at protecting against ‘zero day’ threats and Advanced Persistent Threats

[Figure: NNT protected environment. Protected Data surrounded by layers labelled Firewall, IDS/IPS, Anti-Virus, Patching/Hardening, Change/Config Mgmt, and File Integrity & Event Log Monitoring, facing External Threats, Insider Threats and Zero Day Threats.]

NNT security monitoring and change detection

At NNT we understand both the ‘Art’ and the combination of tools required. Security tools can usually be split into two distinct categories: the ones we hear about all the time and understand intrinsically, and the ones that aren’t so prevalent but are equally valuable. NNT focus on the latter of the two - the system monitoring and change detection technology.
Whilst these areas are arguably less well understood in the mainstream, they are an extremely critical part of the overall layered security approach, and will be vital when it comes to protecting against all types of threats and data breaches in line with compliance standards such as PCI DSS, HIPAA, NERC and SOX.

By combining Device Hardening, FIM, SIEM and CCM in an integrated solution, we enable organizations to not just see which events take place but highlight those of concern to ensure adherence with compliance and internal policies. All bases are covered by auditing IT systems for vulnerabilities, with a baseline set to monitor the health and performance of all devices by automating the monitoring of changes to configurations, file systems, registries and settings. The information is then collated and displayed in an easy-to-use and secure dashboard, enabling you to monitor and analyse activity and ensure the systems are, and continue to be, secure and compliant.

Combining SIEM, CCM and FIM in one easy-to-use solution

Security Information and Event Log Management (SIEM)

NNT’s multi-platform security correlation enables you to securely gather and review daily logs from all devices, including network devices, Unix and Windows servers, applications and databases.

Change & Configuration Management (CCM)

The NNT solution starts with a compliance or device hardening audit option to ensure the devices are set up securely from the outset. Ongoing forensic detection of changes to this compliant state will be tracked in real-time or as part of a scheduled report, controlling and minimizing configuration drift. This will make sure system configurations don’t deviate from established standards and policies.
It will confirm:
It will show:

• Who has accessed what device
• Is there an on-going security vulnerability
• Whether confidential data is impacted

File Integrity Monitoring (FIM)

A vital stance in the bid to protect systems from breaches is to monitor unusual or unapproved changes to the application file systems. NNT FIM verifies in real-time that program and operating system files have not been compromised, with host intrusion prevention (HIP) pinpointing anything malicious installed on the in-scope device.

It will identify:

• Unusual changes
• Which devices were affected
• Which specific attributes changed and who made the change
• Who made the change
• Adds, moves or deletes
• Whether the change was approved
• Checksum/hash based changes
• Whether it has affected your compliant state

More than 60% of all environment failures would be eliminated if unapproved changes were identified before affecting IT performance. (EMA)

This integrated approach to data security means that NNT will be able to keep you secure and on top of what is happening across your IT infrastructure. The solution will inform you:

• What the threats are: by intelligently evaluating all events within the IT estate to highlight genuine security threats
• What the risk profile is: through scheduled auditing of configuration settings, devices remain hardened at all times
• What changed: utilizing real-time file integrity monitoring, for Windows, Unix and Linux, full audit trails of all security events and incidents are provided
• Who made the change: clear identification of who made the change and how is supplied, with full audit trails of file and folder access
• Which changes were planned vs unplanned: change management procedures are underpinned with NNT’s unique ‘Closed Loop Change Management’ process – not only are the details of the changes documented, they are also reconciled with what actually changed.
Irrespective of the IT infrastructure and the technologies deployed, ‘events’ will happen within a secure estate, so NNT provides the ability to capture the details, establish whether the event has altered the compliant state, reveal who initiated the event and whether or not it was part of a planned change.

NNT event log correlation and filtering

GATHER - 100% OF EVENTS: Implement the SIEM system to gather all events centrally
PROFILE - 30% OF EVENTS: Refine event type identification and tune alert thresholds
FOCUS - <1% OF EVENTS: Correlate and pattern-match events to ensure only genuine security threats are alerted

[Figure: decreasing event log volumes through the stages Capture, Filter, Index, Analyze, Correlate, Threshold.]

It captures and filters all the events, without exception. It will identify, index and analyse the event type and match the event to the alert thresholds to pinpoint only genuine security threats.

Our solution automates the security monitoring and change detection process for you by providing the information needed to quickly and easily make a decision as to the severity of the issue, where it came from, who perpetrated it, what to do to fix it and what to do to prevent it from happening again.

And as our security tools only ever alert to real issues, they will cut out all of the background noise that represents day-to-day business in order to home in on the pertinent issues.

Managing the threatscape

NNT P&O Ferries and the Art of Layered Security

NNT has been delivering best-of-breed security solutions since 2005, helping organizations across the globe, from SMEs to well-known brands, get in front of and manage the accelerating threatscape.
Our solutions will do the ‘heavy lifting’ for you - NNT will provide the tools that automate the security monitoring and change detection process, establish a process of constant ongoing improvement and ensure the configuration and installation is seamless. We will deliver a security framework that protects your company’s IT infrastructure and reputation.

The solution will enable you to:

• Understand what is going on within your IT infrastructure at all times, with the solution only ever interrupting when there is a real and valid reason to do so
• Protect against malicious external and internal attacks by detecting suspicious activity that represents the most significant business risks, alerting when closer inspection is needed, regardless of the point of entry
• Reduce manual effort by automating the CCM process and removing the need to firefight, whilst identifying the root cause of issues and preventing recurrence of the incident
• Eliminate the breach to detection time gap by alerting on unauthorized changes that introduce security risk or non-compliance
• Make continual improvements to your compliant state by ‘learning with each alert’ to refine process and policy

[Figure: NNT Security Policy: PCI DSS, Sarbanes Oxley, GCSx CoCo, ISO27000, HIPAA, NERC CIP ...more...]

NNT solutions have benefited organizations of all sizes and industries, enabling them to face their security and compliance challenges head on. To learn more, don’t delay and contact us today.

W: www.newnettechnologies.com
E: [email protected]

About NNT

NNT is a global provider of data security and compliance solutions, with a particular emphasis on PCI DSS. We are firmly focused on helping organizations protect their sensitive data against security threats and network breaches in the most efficient and cost-effective manner.
Our easy-to-use security monitoring and change detection software combines Device Hardening, SIEM, CCM and FIM in one integrated solution, making it straightforward and affordable for organizations of any size to ensure their IT systems remain healthy, secure and compliant at all times - NNT will safeguard your systems and data, freeing you up to focus on delivering your corporate goals.

Copyright © 2012 New Net Technologies Ltd; All rights reserved. NNT and Change Tracker are registered trademarks of NewNetTechnologies Ltd. All other names and trademarks are property of their respective owners.