Evolution of security management
DESCRIPTION
Presentation done at les Assises de la Sécurité 2008 at Monaco
TRANSCRIPT
Security Management Evolution and solutions
Christophe Briguet [email protected] © 2008 Exaprotect
Why are infrastructures evolving?
60% of the IT budget is allocated to operation *
* Gartner 2007
Sarbanes-Oxley Act, European Directives, ISO 27001, PCI-DSS, FSA, HIPAA
62% of security incidents are human error *
* Verizon 2008 Data Breach Investigation Report
1 molecule out of 1000 succeeds on the market
10 years of R&D
5 years of exclusive rights
~1 admin for 50 servers in 2000
~1 admin for 200 servers in 2008
100 000 000 users - 70 employees
54 000 000 users - 200 employees
Water-Based Data Center
50% of the carbon footprint of air transportation
ZZZZZZZ
50% of the time*
* IDC 2008
12/1
80%
Virtual firewall
+100 Daily changes
+10 000 Access list
100
External vs. Internal
Why have security best practices changed?
* Diversity
53% of companies merged parts of their physical and logical security *
* Gartner
9.1.1 Use video cameras or other access control mechanisms to monitor individual physical access to sensitive areas. Review collected data and correlate with other entries…
Logs are like cars … x2 every two years
“You can't defend. You can't prevent. The only thing you can do is detect and respond.”
- Bruce Schneier
From disorganization to process ...
40% of organizations are thinking about ITIL *
From disorganization to process ...
Incident management, Problem management, Change management, Release management, Capacity management, Availability management, Service level management, Configuration management, Security management, etc.
From process to tools...
Products & solutions
LogManager & EventManager: Security Information and Event Management
Solsoft ChangeManager: Network Configuration and Change Management
Example of security best practices
BP #1 Get a clear picture of your network topology
BP #2 Use a central rules management system
smtp
BP #3 Test before implementing a new configuration
A rule may hide another one
Compilation results
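The "a rule may hide another one" problem is what a test run of a new configuration should surface before it is pushed: a later rule whose every packet is already matched by an earlier rule can never fire, whatever its action. The following is an added illustration of that check on an ordered, first-match rule base; it is not Solsoft ChangeManager's compiler, and the rule names, addresses and `Rule` fields are constructed for the example.

```python
"""Shadowed-rule check for an ordered (first match wins) firewall rule base.

Added illustration, not Solsoft ChangeManager code. A rule is shadowed when an
earlier rule already matches every packet it could match, so it is dead code
in the policy; a reviewer wants to see that in the test results before the
configuration is deployed."""
from ipaddress import IPv4Network, ip_network
from typing import List, NamedTuple, Optional, Tuple


class Rule(NamedTuple):
    name: str
    action: str             # "allow" or "deny"
    src: IPv4Network
    dst: IPv4Network
    proto: str              # "tcp", "udp" or "any"
    dport: Optional[int]    # None means any destination port


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matched by `inner` is also matched by `outer`."""
    return (
        inner.src.subnet_of(outer.src)
        and inner.dst.subnet_of(outer.dst)
        and outer.proto in ("any", inner.proto)
        and outer.dport in (None, inner.dport)
    )


def shadowed_rules(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Return (shadowed rule, first earlier rule that shadows it) pairs, in rule order."""
    findings = []
    for idx, rule in enumerate(rules):
        for earlier in rules[:idx]:
            if covers(earlier, rule):
                findings.append((rule.name, earlier.name))
                break   # the first match is enough to explain why the rule is dead
    return findings


# Constructed sample rule base (hypothetical names and addresses).
SAMPLE_RULES = [
    Rule("allow-smtp-relay", "allow", ip_network("10.1.0.0/16"),
         ip_network("192.0.2.25/32"), "tcp", 25),
    Rule("deny-smtp-others", "deny", ip_network("0.0.0.0/0"),
         ip_network("192.0.2.25/32"), "tcp", 25),
    # Hidden: every packet it matches was already accepted by allow-smtp-relay.
    Rule("allow-lan-smtp", "allow", ip_network("10.1.5.0/24"),
         ip_network("192.0.2.25/32"), "tcp", 25),
    # Not hidden: its destination is broader than any earlier rule's.
    Rule("deny-lan-to-dmz", "deny", ip_network("10.1.0.0/16"),
         ip_network("192.0.2.0/24"), "any", None),
]


if __name__ == "__main__":
    for dead, by in shadowed_rules(SAMPLE_RULES):
        print(f"rule {dead!r} is shadowed by earlier rule {by!r}")
```

The check deliberately ignores whether the two rules agree on the action: a shadowed `allow` after a broader `allow` is merely clutter, while a shadowed `deny` after a broader `allow` is a policy the author believed was in force and is not, and both deserve a line in the test output.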
BP #4 Collect and consolidate logs
BP #5 Automate threat detection
Authentication
Authentication
Login success
User authenticated / User logging success
Same time window, same user account, different networks
Correlation
EventManager
Aggregation and normalization: 2 x successful authentication for user Wilcox
Potential identity hijacking on user account Wilcox
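The slide's rule (same account, same time window, different networks, raised from successful logins reported by different devices) can be written as a short correlation step over normalized events. The following is an added illustration, not EventManager code; it assumes a prior normalization step has already mapped the vendor messages ("Login success", "User authenticated", "User logging success") onto one event shape, and the network map, device names and sample events are constructed.

```python
"""Correlation rule for the identity-hijacking scenario on the slide.

Added illustration, not Exaprotect EventManager code. Input events are assumed
to be already normalized (one shape regardless of reporting device); the rule
aggregates them per account and alerts when one account authenticates
successfully from two different networks inside a short time window."""
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Dict, List, NamedTuple


class AuthSuccess(NamedTuple):
    ts: datetime
    user: str
    src: str        # source IP address
    device: str     # reporting device, after normalization


# Hypothetical network map; anything outside these ranges counts as "external".
KNOWN_NETWORKS = {
    "corp-lan": ip_network("10.1.0.0/16"),
    "vpn-pool": ip_network("10.200.0.0/16"),
}


def network_of(src: str) -> str:
    addr = ip_address(src)
    for name, net in KNOWN_NETWORKS.items():
        if addr in net:
            return name
    return "external"


def aggregate(events: List[AuthSuccess]) -> Dict[str, List[AuthSuccess]]:
    """Group events per user account, oldest first (the aggregation step)."""
    per_user: Dict[str, List[AuthSuccess]] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        per_user.setdefault(ev.user, []).append(ev)
    return per_user


def correlate(events: List[AuthSuccess],
              window: timedelta = timedelta(minutes=5)) -> List[dict]:
    """Same account, same time window, different networks -> one alert per pair."""
    alerts = []
    for user, evs in aggregate(events).items():
        for i, first in enumerate(evs):
            for later in evs[i + 1:]:
                if later.ts - first.ts > window:
                    break                   # sorted, so nothing further can match
                a, b = network_of(first.src), network_of(later.src)
                if a != b:
                    alerts.append({
                        "rule": "Potential identity hijacking",
                        "user": user,
                        "networks": (a, b),
                        "sources": (first.src, later.src),
                        "devices": (first.device, later.device),
                    })
    return alerts


# Constructed sample of normalized successful authentications.
SAMPLE_EVENTS = [
    AuthSuccess(datetime(2008, 10, 8, 9, 0, 5), "wilcox", "10.1.4.20", "ad-dc01"),
    AuthSuccess(datetime(2008, 10, 8, 9, 0, 40), "smith", "10.1.7.3", "ad-dc01"),
    AuthSuccess(datetime(2008, 10, 8, 9, 2, 10), "wilcox", "203.0.113.7", "owa-fe01"),
    AuthSuccess(datetime(2008, 10, 8, 9, 3, 30), "smith", "10.1.7.3", "fileserver"),
    AuthSuccess(datetime(2008, 10, 8, 8, 0, 0), "jones", "198.51.100.9", "vpn-gw"),
    AuthSuccess(datetime(2008, 10, 8, 9, 10, 0), "jones", "10.1.9.15", "ad-dc01"),
]


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(f"{alert['rule']} on user account {alert['user']}: "
              f"{alert['sources'][0]} ({alert['networks'][0]}) then "
              f"{alert['sources'][1]} ({alert['networks'][1]})")
```

Only the Wilcox pair fires with the default five-minute window: Smith logs in twice from the same network, and Jones's external and internal logins are more than an hour apart. The window is the tuning knob; widening it catches a slower hijack at the cost of more benign hits from users who move between the office and the VPN.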
overlooking the obvious
BP #6 Remediate in a collaborative way
EventManager ChangeManager
Remediation Order
Incident Case
Plan « B » ?
Virtual Machine hypervisor
New Virtual Machine
EventManager
New VM deployed
Adjust security policies
BP #7 Automate change management
New Virtual Machine
EventManager
… to the log management process
… to compliance reports
Add the new Virtual Machine …
New Virtual Machine
ChangeManager
… to the network filtering policy
… to the NAT configuration
… to the VPN configuration
Add the new Virtual Machine …
Change management
ChangeManager
Regulatory compliance
Security monitoring
LogManager EventManager
Process and best practice
Thank you ! [email protected]