Security Management Evolution and solutions

Christophe Briguet cbriguet@exaprotect.com © 2008 Exaprotect

Why infrastructures are

evolving?

60% of the IT budget is allocated to operation *

* Gartner 2007

 Sarbanes-Oxley Act  European Directives  ISO 27001  PCI-DSS  FSA  HIPAA

62% of security incident are

human error *

* Verizon 2008 Data Breach Investigation Report

1 molecule / 1000 succeed on the market

10 years of R&D

5 years of exclusive

rights

~1 admin for 50 servers in 2000

~1 admin for 200 servers in 2008

100 000 000 users - 70 employees

54 000 000 users - 200 employees

Water-Based Data Center

50%

of the carbone footprint of air transportation

ZZZZZZZ

50% of the time*

* IDC 2008

12/1

80%

Virtual firewall

+100 Daily changes

+10 000 Access list

100

External Vs Internal

Why security best practices have changed?

* Diversity

*

53% of company merged parts of their

physical and logical security * * Gartner

9.1.1 Use video cameras or other access control mechanisms to monitor individual physical access to sensitive areas. Review collected data and correlate with other entries…

Logs are like cars …

each two years X2

You can't defend. You can't

prevent. The

only thing you

can do is detect

and respond.”

“

- Bruce Schneier

From disorganization to process ...

40% of organization are thinking about ITIL *

From disorganization to process ...

Incident management Problem management Change management Release management Capacity management Availability management Service level management Configuration management Security management Etc.

From process to tools...

Products & solutions

LogManager & EventManager S e c u r i t y I n f o r m a t i o n a n d E v e n t M a n a g e m e n t

Solsoft ChangeManager Network Configuration and C h a n g e M a n a g e m e n t

Example of security best practices

BP #1 Get a clear picture of your network topology

BP #2 Use a central rules management system

smtp

BP #3 Test before implementing a new configuration

A rules may hide another one

Compilation results

BP #4 Collect and consolidate logs

BP #5 Automate t rea th detec t ion

Authentication

Authentication

Login success

User authenticated User logging sucess

Same time window and same user account and differente network

Correlation

EventManager

Aggregation and Normalization 2 x Success authentication user Wilcox

Potential Identity Hijacking on user account Wilcox

overlooking the obvious

BP #6 Remediate in a collaborative way

EventManager ChangeManager

Remediation Order

Incident Case

Plan « B » ?

Virutal Machine hyperviseur

New Virtual Machine

EventManager

New VM deployed

Adjust security policies

B P # 7 A u t o m a t c h a n g e m a n a g e m e n t

New Virtual Machine

EventManager

… to the log management process

… to compliance reports

Add the new Virtual Machine …

New Virtual Machine

ChangeManager

… to the network filtering policy

… to the NAT configuration

… to the VPN configuration

Add the new Virtual Machine …

Change management

ChangeManager

Regulatory compliance

Security monitoring

LogManager EventManager

Process and best practice

Thank you ! cbriguet@exaprotect.com