Effective security monitoring mp 2014
Effective Cyber Security Monitoring & Compliance
by Ricardo Resnik, MultiPoint Ltd., April 2014
Your Challenges
• Threat identification?
• Data Breach detection?
• 24x7 Security Monitoring?
• Compliance?
Threat Landscape
• Advanced Persistent Threats target every industry
• Companies of all sizes are at risk
• Attacks compromise valuable trade secrets, financial & customer data
• Near impossible to discover without a finger on the pulse
• 66% of breaches take months or more to discover
Source: Verizon DBIR 2013
“[This] isn't the first company to be breached after getting a clean bill of health for PCI compliance, and it won't be the last.”
Bank Info Security, February 2013
“Top three recent [healthcare] data breaches affected about 1.3 million people”
Health IT Security, July 2013
“A data breach investigations report from Verizon, released Tuesday, showed that small businesses continue to be the most victimized of all companies.”
CNN, April 2013
What is an effective security program?
Process
• A set of processes and best practices developed and implemented
– Based on industry standards
Technology
• Immediate and comprehensive visibility into the “Threat”
– Remove silos and connect the dots
People
• Trained, experienced Information Security professionals
– Must be operational 24x7
What EiQ’s SOCVue Delivers:
Process
• SANS Critical Security Controls Automation
– Continuously analyze your IT environment against security best practices
– Identify weak links in your security posture
Technology
• EiQ SecureVue
– Log Management & Security Monitoring
– Correlation & Forensic Analysis
– Compliance Reporting
– Asset Discovery
People
• EiQ SOCVue Service
– Certified Security & Product engineers
– 24x7 Monitoring
– Alert Notification and Remediation Guidance
– On-Demand Investigation
– Daily/Monthly Reporting
The Value of EiQ SOCVue
Timely Notification of Security Incidents & Remediation Guidance
• Malware Attacks
• IP Spoofing
• Excessive traffic
• Unapproved traffic
• Behavior anomaly
• Policy violation
• Failed event collection
Ongoing Critical Security Control Assessment
• No unknown assets
• No unapproved software/ports/protocols
• Anti-malware in place
• Vulnerabilities are addressed
• Proper logging in place
Security & Compliance Reporting & On-Demand Investigations
• PCI
• HIPAA
• GLBA
• NIST
• On-Demand Investigations
The SOCVue Experience
EiQ SOCVue®
• A subscription-based service that enables EiQ Security Analysts to remotely manage the on-premise SecureVue® implementation.
EiQ Security Analysts
• EiQ SOC Team consists of security analysts who are certified security & product engineers.
• This team will continuously monitor and notify you of potential issues.
Service Offering – Core Service Features
• Service Includes
– Events of Interest Monitoring & Incident Management
– Daily Reporting
– Daily Solution Health Snapshot
– Monthly Summary Reporting of Security Concerns
– Monthly Solution Health Review
– Up to 2 Investigation Requests per Month
– One-on-One Review Session Once a Month
Summary
• We address all your challenges
• Next Steps
– SOCVue Evaluation
– Trial Date