Risk Management and Remediation
Kurt Van Etten, Symantec, Director, Product Management
Stephen Brown, Arellia, President
Dan McManus, Arellia, Director of Sales
Agenda
1. Need to Move to Risk Management
2. Deeper Dive on Risk Manager
3. Remediation
Rapid Maturation of Information Security
Continuous Monitoring
• Collection of Data
• Vulnerability
• Configuration
• Procedural
Cyberscope Reporting
• Reporting to higher
• Peer Comparison
Risk Scoring & Management
• Focus on top priorities
• Drive action to reduce risk
Symantec Approach to IT Risk Management
CCS RISK MANAGER
TRANSLATE, ACT, INFLUENCE
How do you drive measurable risk reduction?
How do you convey IT risks to your peers?
How do IT risks affect your mission?
Introducing CCS Risk Manager
CCS RISK MANAGER
TRANSLATE, ACT, INFLUENCE
» Prioritize based on business impact
» Align Security and IT Operations
» Track risk reduction over time
» Convey IT risk in business terms
» Customized views for greater impact
» Justify new security investments
» Define virtual business assets
» Connect related IT assets
» Create business view of IT risk
Current View of IT Risk – Technology Centric
Translating IT Risk
Transaction Processing System
Case Management
Using Risk to Drive Accountability and Action
Transaction Processing System

| Plan Name | Risk Objective | Status | Current Score | Projected Score | Target Date | Owner |
|---|---|---|---|---|---|---|
| Plan A | Secure Configuration | Completed | 2.75 | 2.75 | 3/15/12 | Bob |
| Plan B | Patch Level Standard | Completed | 1.81 | 1.81 | 4/11/12 | Joe |
| Plan A | Info Sec Standard | Completed | 2.23 | 2.23 | 1/10/12 | Joe |
| Plan C | Protect Web Servers | Completed | 2.10 | 2.10 | 2/28/12 | Dave |

| Plan Name | Risk Objective | Status | Current Score | Projected Score | Target Date | Owner |
|---|---|---|---|---|---|---|
| Plan A | Secure Configuration | Submitted | 3.65 | 2.75 | 3/15/12 | Bob |
| Plan B | Patch Level Standard | Completed | 1.81 | 1.81 | 4/11/12 | Joe |
| Plan A | Info Sec Standard | Completed | 2.23 | 2.23 | 1/10/12 | Joe |
| Plan C | Protect Web Servers | Submitted | 3.51 | 2.10 | 2/28/12 | Dave |

| Plan Name | Risk Objective | Status | Current Score | Projected Score | Target Date | Owner |
|---|---|---|---|---|---|---|
| Plan B | Secure Configuration | Submitted | 3.65 | 2.75 | 3/15/12 | Bob |
| Plan C | Patch Level Standard | Submitted | 4.22 | 1.81 | 4/11/12 | Joe |
| Plan A | Info Sec Standard | Completed | 2.23 | 2.23 | 1/10/12 | Joe |
| Plan D | Protect Web Servers | Submitted | 3.51 | 2.10 | 2/28/12 | Dave |
CCS Risk Manager Highlights
• Define a business asset you want to manage
• Visualize and understand IT risk for this business asset
• Prioritize remediation based on IT risk, not technical severity
• Monitor risk reduction over time
Risk & Compliance Sales Specialist Training - CCS Risk Manager
Visualize and Understand IT Risk
Enterprise Wide View of Business Risk
Risk Overview for People’s Bank
Visualize and Understand IT Risk
Balanced View of Business and Operational Metrics
Drill down to technical details
Prioritize Remediation Based on Risk
Risk Modeling
Prioritize Remediation Based on Risk
Remediation Plan by Risk Objective
Review & finalize remediation plan
Monitor Risk Reduction Over Time
Manage Remediation Plans
Track risk reduction for remediation plans
Effective Risk Management
1. Data Driven View of Risk
• Cross-reference multiple data points for a true view of risk
• Combine 3rd party data for ‘composite’ risk score
• Easily digest and distill data from thousands of devices
2. Ability to Show Business Value
• Map IT assets to business assets
• Present relevant information to business peers
• Flexible reporting – avoid costly re-mapping efforts
3. Move Beyond Risk Assessment to Risk Monitoring & Management
• Track objectives and monitor risk over time
• Develop action plans to manage entire remediation process
• Demonstrate risk reduction over time
Effective Remediation
• Remediation: The act or process of correcting a fault or deficiency
• Automating Remediation can:
– Fix 95% of Security Profile settings w/o manual intervention
– Immediately address an environment’s post-audit vulnerability status
– Provide significant ROI
Why Haven’t We Automated Remediation?
• Automatic remediation for 6 well known configuration types
– Registry settings
– Security audit
– Account lockout
– Local password policies
– Service configuration
– Account privileges
• Auditing and Remediation
– Security (Auditing) vs. Operations (Change Management)
• SCAP Validated
– Means that we can ingest SCAP audit results!!!
• Standards Enable Security
– Common language between security and management
– Security results become Management Tasks
• Actionable, Automated, & Auditable
Closed Loop Direct Remediation
SCAP Audit Initiated
• FDCC
• USGCB
• STIG
• CIS
[Diagram: SCAP Audit Tool, Remediation Tool, End Point]
Closed Loop Direct Remediation
Audit Complete
• Results Available via Reporting
Remediation Tasks Executed
• Approval Manual and/or Automated
[Diagram: SCAP Audit Tool, Remediation Tool, End Point; Security Results, Management Tasks]
Closed Loop Direct Remediation
Remediation Complete
• Results Available via Reporting
Remediation Complete
• SCAP Audit Tool Notified
SCAP Validation Audit
• FDCC, USGCB, etc.
[Diagram: SCAP Audit Tool, Remediation Tool, End Point]
Closed Loop Direct Remediation
Validation Audit Complete
• Results Available via Reporting
[Diagram: SCAP Audit Tool, Remediation Tool, End Point]
Didn’t You Mention Something About ROI?
• Fix 95% of Security Profile settings w/o manual intervention
• Immediately address an environment’s post-audit vulnerability status
• Provide a significant ROI to a customer
Example: Windows 7
• Post “Typical” Install of Windows 7, run a USGCB audit
• Windows 7 installation will be around 30% compliant (70% failure to comply)
• Soft costs (unfactored): Lost productivity of Jr. Admin AND End User
• Will need to perform remediation again after next audit!
Manual Audit Costs
Number of issues to address: 100
Minutes per issue: 5
Total Time (Hours): 8.33
Jr. Admin Salary: $50,000
TOTAL COST: $200.32
Remediation Actions
Security Configuration
Visibility
How Arellia Can Further Help Effective Risk Management
• Removing End Users’ Administrator Rights
• Securing Local Admin Accounts & Passwords
• Application Whitelisting
• Automating Remediation
Privilege Management: Increasing Security AND End User Productivity
• 1 in 14: Programs downloaded in Windows are malicious
• 43%: 2011 MS Bulletins address Privilege Exploitation
• 110 Million: Estimated new Windows 7 users in 2012
• $653: Annual cost savings per managed endpoint: “moderately managed” vs. “locked and well-managed”
Privilege Management: The ability to enable or secure applications through the addition or removal of user rights.
Windows 7 End User Accounts: High Security Posture AND End User Productivity
“Ideal” end user model?
• Standard User with elevated privileges for predetermined (by customer) functions
– Cannot be done without a third party tool
• Balances security needs with end user productivity
– Security posture remains high
– End user productivity remains high
– Support costs at all levels lowered
“Privilege management and application control tools help achieve total cost of ownership (TCO) reasonably close to that of a locked and well-managed user, while giving users some ability to control their systems.”
Gartner: “The Cost of Removing Administrative Rights for the Wrong Users” (April 2011)
Local Administrative Rights: The Interrogative Process
• Who has Admin Access?!?!?
• What was the justification?
• When were these waivers last reviewed?
• Where in my organization are these local end user accounts with admin rights?
• Why aren’t my GPOs enough?
How Do I Fix This?
• Local Admin Password: Randomization & Cycling
• Discover local user accounts
– Including accounts with admin rights
• Group Membership Enforcement
• Windows Service Account Management
• Auditing of Administrator Account Usage
• Local Security Inventory and Configuration
• Compliance Reporting
www.arellia.com

| Item | Description |
|---|---|
| How to purchase | Sold exclusively via Symantec sales and partners |
| Buying Options | Available in Symantec buying programs |
| Contacts | 800.889.8091 (Option 1) or [email protected] |
| Data Sheets | www.arellia.com/solutions |
| Forums / Documentation | portal.arellia.com/wiki |
| Videos (YouTube Channel) | www.youtube.com/user/ArelliaSoftwareVideo |
| Webcasts / Events | www.arellia.com/events |
| Blog | www.arellia.com/blog |
| Twitter | @ArelliaSoftware |
| Partner Portal | arellia.channelplace.net |
Thank you!
Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.