Denis Valter Cassinerio Security BU Director… · DATACENTER & CLOUD SEC. • IAM Identity &...
© Hitachi Systems CBT S.p.A. 2015. All rights reserved.
17/02/2016
Denis Valter Cassinerio
Security BU Director & Sales North Director
Prevention and Monitoring: the sentinels of data security
IT SECURITY DRIVERS
THREATS LANDSCAPE
INTERNET MALWARE INFECTION
EXTERNAL EXPLOITATION
PHYSICAL MALWARE INFECTION
CYBER ATTACKS
JUST AHEAD
• Drive-by Download
• Email Attachment
• File sharing
• Pirated sw & keygen
• Spear Phishing
• DNS & Routing Mods
• Professional Hacking
• Mass vulnerability exploits
• Co-location Host Exploitation
• Cloud Provider penetration
• Rogue WiFi penetration
• SmartPhone Bridging
• Infected USB sticks
• Infected CDs/DVDs
• Infected memory cards
• Infected appliances
• Backdoored IT equipment
IT SECURITY DRIVERS
COMPLIANCE
Common Standards: L 196, L 231, ISO 27001, HIPAA, SOX, PCI DSS…
New Challenges
• DATA PROTECTION OFFICER
• AVOID DATA BREACH
• DETECT & ALERT
• FORENSICS
Compliance + Controls
Identify + Processes
Proactive
Investigate
New «SECURITY DRIVERS»
Social & Mobility
Advanced Persistent Threats
Application Security
Big Data
Who
Where
How
What
METADATA :
Location
Distribution
Topic
Versions
…
INDICATORS OF COMPROMISE
EVOLVING THREAT LANDSCAPE
Corporation Employees
Data Loss
Cloud Services
Malware & Vulnerabilities
Business Associates
Mobile Devices / Employees
Hackers
CYBER THREATS JUST AHEAD
TOP 3 CYBER THREATS
Facing organisation in 2016
• 52% Social Engineering
• 40% Insider Threats
• 39% Advanced Persistent Threats
Source: ISACA’s January 2016 Cybersecurity Snapshot, Global Data
Information Security Risk Management Fundamentals
AVAILABILITY
INTEGRITY
CONFIDENTIALITY
Risk = (Vulnerability x Threat / Counter Measure Score) x Valuation
Information Security Risk Management Fundamentals
VULNERABILITY
• Processes
• Systems
• Network
• Applications
• Continuous check
• Continuous remediation
THREATS
• New threats every 1.5 seconds
• Variants
• Exploit kits
• Botnets
• APT
• Penalties
COUNTERMEASURES
• Processes
• Checks
• AV
• IPS
• FW
• APT
• WAF
• HIPS
• APP CTRL…
• Consultancy
VALUATION
• Data
• Assets
ANALYSIS
• Qualitative
• Quantitative
Risk = (Vulnerability x Threat / Counter Measure Score) x Valuation
Situational Awareness Security
«Paying attention to what is going on around you. Basically the definition is the ability to scan the environment and sense danger, challenges and opportunities, while maintaining the ability to conduct normal activities»
New «Threats»
Security: The Operational Impacts
INFORMATION SECURITY
DLGS. 196/2003 as amended
DLGS. 231/01 as amended
Law 547/93 as amended
ISO/IEC 27001:2013
COBIT
ITIL
……
Virus
Worm
Trojan
Payloads
Man in the Middle
Brute Force Authentication..
APT
OPERATIONAL IMPACTS
SECURITY RISK MANAGEMENT
Legal & Compliance Threats Vulnerabilities
CVE MS 2008-067
CVE 2014-62-71
ISO
NIST
OWASP
OSST
Vectors of Attack
Technical Impacts
Business Impacts
SIEM Role: Situational Awareness Security
BI
GRC
Network Full Visibility
SIEM
Manual Input
Information Maturity
IAM, DLP, Netflow, FW/IDPS, Antivirus, FIM, VAM, CMDB, Fraud, Other log
Security Analytics: the process
Investigation
Compliance Reporting
Endpoint Analysis
Session Reconstruction
Incident Management
Capture Time Data Enrichment
LOGS
PACKETS
ENDPOINT
NETFLOW
On Prem
Cloud
Action Analysis Visibility
LIVE
Threat Intelligence | Rules | Parsers | Feeds | Reports | RSA Research RSA LIVE INTELLIGENCE
Advanced Analytics
ENRICH
• Monitor everything: Logs, network traffic, user activity
• Correlate intelligently: Connect the dots of disparate activity
• Detect anomalies: Unusual yet hidden behavior
• Prioritize for Action: Attack high-priority incidents
LIVE
SIEM and beyond – Security Analytics Goals
1 - Log Collection & Compliance: Capture logs, retain them in their unaltered state, and analyze them, including for compliance purposes.
2 - Full Network Visibility: Ensure full visibility into what happens in your infrastructure through Full Packet Capture.
3 - Information and Event Correlation: Correlate and analyze the flow of logs, netflow and packets to identify anomalies.
4 - Intelligence, Real Time Security and Threat Visibility, Analytics: Provide real-time visibility of events, threats, alerts and security status, contextualized with intelligence information.
5 - Enterprise Security Risk, Vulnerability & Compliance in one view: Continuously summarize and identify the state of risk.
6 - Risk Mitigation, Prioritized and Contextualized Action: Manage event severity / false positives and promptly undertake the correct intervention/remediation activities.
7 - Situational awareness: Adapt the process to the new state of risk.
Need of The «RIGHT» Tools
Time relevant matter to close the gap
Security BU – The Right «Partner»
SOLUTIONS
SERVICES
CONSULTING
GOVERNANCE
Compliance
Professional Services
Technology
Cyber Security
Managed Security Services
Security BU Offering: Cyber Security
Assessment
• APT Assessment
• Ethical Hacking
• Forensic Analysis
Technology
• Multi Protocol Network Detection
• Spear Phishing Mitigation
• Anti Bot Net
• Sandboxing & behavioral monitor
• Zero Day Protection
Management
• SIEM implementation
• IOC Analysis
• Malware Analysis
• CSIRT Services
Detect
Analyze
Adapt
Respond
Cyber Security
APT Cycle
Security BU Offering: Technology
CONTENT SECURITY
• Anti Malware
• Mobile Security
• Anti Spam
• Web Threat Security
• URL Filtering
• Data Loss Prevention
• Encryption
NETWORK SECURITY
• Firewall
• IDS/IPS
• Next Generation Firewall
• Host Intrusion Prevention
• Network Access Control
• Unified Threat Management
• SSL / Virtual Private Network
DATACENTER & CLOUD SEC.
• Virtualization Protection
• Anti Malware
• Vulnerability Protection
• Firewall
• IPS / IDS
• Log Inspection
• DDOS
SECURITY MANAGEMENT
• IAM Identity & Access Mgmt
• PAM Privileged Account Mgmt
• SIEM Security Information Event Mgmt
• SSO Single Sign On
• Log Mgmt
Content Security
Network Security
Datacenter & Cloud Security
Security Management
Technology
Contacts
HEADQUARTER
ROME
Via Francesco P. Da Cherso, 30 - 00143
+39 06 519931
www.hitachi-systems-cbt.com
MAIN SITES
MILAN
Via Dei Gracchi, 7 – 20146
+39 02 489571
VENICE - QUARTO D’ALTINO
Via L. Mazzon, 9 – 30020
+39 0422 19702
TURIN
Via Gian Domenico Cassini, 39 - 10129
+39 011 5613567
NOVARA
Via Biandrate, 24 - 28100
+39 0321 670311
BOLOGNA - CASALECCHIO DI RENO
Via Ettore Cristoni, 84 - 40033
+39 051 8550501
Superior service empowered by combining the strength of our people and information technology.