Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.

Presentation transcript:

1 Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service

2 Enterprise security
Consul
- 17 years of security event management experience
- Winner of ISSA Organization of the Year in 2003
- Founded in 1986
- Worldwide presence:
  - US
  - Europe
  - Asia-Pacific
  - Latin America

3 Enterprise security
Security landscape is changing
- Disappearing perimeter
- More complex security devices
- Heterogeneous networks
- Information overload
- Not enough resources
- Increasing threats
- Regulatory requirements
- Cost pressure

4 Enterprise security
What are customers saying
- Make their security operations more efficient
- Gain a holistic understanding of their overall security
- Comply with regulations
- Make sense out of the chaos that is a large network
- Respond more quickly and intelligently to problems
- Monitor and enforce business-critical policies
- Conduct more effective post-event forensics and analysis
- Move from auditing to monitoring

5 Enterprise security
It’s all about Value
Suppose you could protect your most valuable business assets at the lowest cost? Wouldn’t you want to know how?

6 Enterprise security
It’s all about Your Critical Data
Most security devices monitor the network perimeter. Yet key assets are on the less-protected inside. Is your core network adequately protected?

7 Enterprise security
Lots of Products - Few Solutions
Companies have invested heavily in firewalls, IDS, and AV systems, yet remain vulnerable to devastating attacks. What are you doing to continuously monitor security on your perimeter AND core networks?

8 Enterprise security
Regulations are a worry
Proliferating industry and regulatory standards raise the bar on implementing and demonstrating effective security.
HIPAA, GLB, BS 7799, Basel II
What is the value of effective compliance to regulations in your company?

9 Enterprise security
The security infrastructure is in place
Security Infrastructure:
- Authorization
- Authentication
- Firewall / VPN
- Anti-Virus
- PKI
- OS Security
- Application Security
- Intrusion Detection Systems (IDS)
- Biometrics

10 Enterprise security
But security remains a tradeoff
- More Openness
- Increased Security

11 Enterprise security
Too many reports and alarms
- From firewalls
- From intrusion detection systems
- From anti-virus systems
- Many log files

12 Enterprise security
Too few reports where it matters
- Internal systems are not monitored enough:
  - Logging turned off or not understood
  - Reports have no real-world meaning
- Comparison across systems impossible
- Auditing versus company policy impossible
Are you secure? “I don’t know”

13 Enterprise security
Insiders remain a threat
- Inside is as hostile as outside, but in a different way
- 64% of companies admit they suffer from security breaches
- 76% of all security breaches are due to insider work
- 70% of all corporate data still on mainframes

14 Enterprise security Security management process

15 Enterprise security
Step one: define
What’s the status?
- Assess current enterprise security
- Review policies
- Benchmarking and gap analysis
- Compliance to standards and regulations
- Understand source of today’s vulnerabilities
- Define metrics for success

16 Enterprise security
Step two: protect
Implementation of solution:
- Implement policies
- Define security procedures
- Create awareness and communication
- Establish administration and support roles

17 Enterprise security
Step three: check
How secure are we?
- Measure compliance
- Check for existing vulnerabilities
- Modify policies and settings
- Learn from intrusions and issues
- Measure against metrics
Security event management

18 Enterprise security Comprehensive approach

19 Enterprise security
People
- system administrators
- managers
- finance
- human resource
- secretary
- on line customers / suppliers / partners
- hackers
- etc.

20 Enterprise security
Technology
- operating system
- intrusion detection system
- firewalls
- business applications
- anti-virus software
- etc.

21 Enterprise security
Security policy
Who is allowed to do what kind of actions on what kind of documents in which period of time from which place and on which server?

22 Enterprise security
Consul/eAudit
Simplifying a complex environment…

23 Enterprise security
- Monitors output from over 50 platforms
- Evaluates security events, policy violations
- Real-time, intuitive view of network
- Prioritized, actionable alerts, drill-down reports
- Best practices baselines, HIPAA, GLB
- Extensive auditing, reporting and forensics
- Visualization, reporting and alerting
- Normalization and correlation
- Policy
- Consul/eAudit

24 Enterprise security Helping you lower the costs of security

