Technology Roadmap for Managed IT and Security 05/24/2017 Michael Kirby II, Scott Yoshimura


Post on 09-Sep-2018



Agenda


• Managed IT Roadmap

• Operational Risk and Compliance

• Cybersecurity – Managed Security Services

Managed IT Strategic Roadmap


• Long term strategic direction

– Scale services to larger financial institutions

– Managed IT Advanced

Add Linux, Unix, Oracle, DBA Support, Application Development

Add « Shared » Customer Tools

– Managed IT Custom

Ala Carte Option

Managed Risk Services

Managed Security Services

IPT/Network Services

Hosted Services

Help Desk/Deskside Support

Managed IT Enhancements


• Migrating to new endpoint management system

– Current system has not kept up with market enhancements

– New solution will allow greater efficiency in:

Patch Management

Asset Inventory

Software Distribution

Configuration Compliance

Operational Risk and Compliance

Needs Drive Innovation

Managed Risk Services


• Risk & Control Self Assessment (RCSA)

– Organizations are in need of a way to evaluate, document & monitor compliance with various regulations, frameworks & guidance.

• Managed Security Awareness (MSA)

– There is increased scrutiny by auditors/examiners surrounding cybersecurity awareness & training. Annual testing & training is not enough to properly equip employees with the tools to detect & properly handle phishing threats. Organizations need a tool to launch & manage phishing campaigns to properly test employees, report to management, & build awareness throughout the enterprise.

• Vendor Risk Manager (VRM) Enhancements

– Vendor management continues to be a focus area of regulators. As a result we are continuously looking at ways to create more efficient processes for managing vendor risk while increasing oversight & monitoring capabilities.

• Enhanced GLBA/Information Security Risk Assessment & Enhanced Cybersecurity Risk Assessment

– Current risk assessment processes are designed for periodic (typically annual) evaluations of risk. Organizations are in need of a tool to integrate these risk assessment processes into their internal practices for better identification, monitoring, & reporting of risk.

Overview

Risk & Control Self Assessment (RCSA)

• Designed to allow institutions to self assess against various regulations, frameworks, & guidance

• System defaults with defined Control Objectives to meet designated requirements, along with suggested Control Activities to meet the Control Objectives

• Quantify coverage & effectiveness of controls, along with documenting justification

• Ability to upload & attach supporting documentation, centralizing the documents provided to auditors & examiners to show compliance

• Progress indicators

• Ability to generate issues to document, track & monitor areas that need to be addressed based on the self assessment

Overview

Managed Security Awareness (MSA)


• Social-engineering simulations across four vectors

– Email Phishing

– SMS (Smishing)

– Voice (Vishing)

– Mobile Media

• Over 300 phishing templates, 60+ landing pages and 150+ domains

• Patented multi-variable attack simulations

• Address book utility which incorporates over 50 data elements from which to measure risk

• Outlook plugin allows end-user reporting of suspected phishing attempts

• Leverage Regulatory University (RegU) for education & awareness

Overview

Vendor Risk Manager (VRM)

• Real-time, online, quantitative vendor risk assessment and monitoring service

• VRM allows the institution to evaluate new vendor relationships and monitor existing relationships.

• Data feeds collected are analyzed by VRM’s operational experts.

• The platform delivers a customized risk score based on the institution’s unique relationship with the vendor, and the complete picture of empirical risk data on the vendor.

• VRM will initiate workflows to review, approve, or notify impacted stakeholders of material changes to the vendor’s risk profile.

• Additionally, institutions can monitor their vendor risk with real time interactive dashboards that give a holistic view of all vendor profiles.

Roadmap

Vendor Risk Manager (VRM) Enhancements

[Roadmap chart: OPERATIONAL RISK swimlane; timeline 2017 - Q1, 2017 - Q2, 2017 - Q3, FUTURE; months MAR APR MAY JUN JUL AUG SEPT]

VENDOR SURVEY ENHANCEMENTS: Support for vendor registration, and survey flow improvements

Nth PARTY RISK: Support for relating vendors and factoring in the risk of 4th parties and beyond

BBB INTEGRATION: Include BBB and D&B with the other vendor due diligence

NON-MANAGED SERVICE: Support for stand-alone use of VRM

API: Support for 2-way data integrations for importing/exporting of data with other systems

SSO: Support for SSO for seamless authentication with other systems

CONTRACT MANAGEMENT: Enhanced support for managing contract terms, renewals, and workflows

ASSESSMENTS: New RaaS module for performing Risk Assessments

SLA TRACKING: Support for SLA tracking, measuring, reporting and workflows

REPORTING ENHANCEMENTS: New chart-based reporting with focus on auditors and compliance

MOBILE ENHANCEMENTS: Support for Touch ID and push notifications on Apple iOS Devices

Enhanced GLBA/Information Security & Cybersecurity Risk Assessments

• Web based risk assessment modules

– Based on GLBA & FFIEC Information Security Handbook

– Based on the FFIEC Cybersecurity Assessment Tool & NIST Cybersecurity Framework

• New product, service or asset risk assessment process to ensure Information Security & Cybersecurity risks are assessed before launch

• Incorporate within institutional policies to create a living risk assessment process instead of an annual risk assessment

• Issue management function to log, monitor & report issues identified in the risk assessment process

• Control testing documentation & tracking mechanism

Cybersecurity Product/Service Roadmap for Managed Security Service


New Services Roadmap


Service Summary

• Cyberguard Endpoint Threat Detection

– Powered by Red Canary/Carbon Black Response

– Purpose: Endpoint threat detection platform that enables detection, response, and insight on threats in your network

• Cyberguard Endpoint Threat Prevention

– Powered by CylancePROTECT

– Purpose: Preventing unauthorized malware from running on a client’s network through Artificial Intelligence

• Vulnerability Management (Enhanced Vulnerability Management, Perimeter and Internal Defense)

– Purpose: Managed Vulnerability Service utilizing FIS “time to remediate” asset prioritization

Cyberguard Endpoint Threat Detection

Detect the threats your prevention tools miss.


- Cloud-based 24/7 endpoint activity recording, visibility, and threat detection

- Expert analysts to remove false positives

- Integrated platform to rapidly respond to threats

Process stages (diagram): Endpoint sensors record activity; SOC Analysts Investigate; Platform Detects Threats; Alerts customers; MSS responds with power

Recorded endpoint activity: file modifications, process creation, process injection, user identity, network connections, EMET alerts, registry modification, module loads, binary content

Identify: Known bad; Good apps gone bad; New activity; Unusual activity

Using…: Application Behavioral Analysis; User Behavior Analytics; Organizational Intelligence; Binary Analysis; Threat Intelligence

“24/7” remote monitoring, investigation, and confirmation

Full access to endpoint history

Automated retrospective hunting from identified IOCs

Intelligence to understand the threat indicators, endpoint and user information

Threat timeline

Isolate; Remediate; Research; Technical Q&A; Automate

Included tools and expertise to stop threats and return your organization to a good state

Cyberguard Endpoint Threat Prevention

• Predicts cyber attacks and blocks them on the endpoint in real-time before they ever execute.

– Leverages the power of machines, not humans, to dissect malware’s DNA. Artificial intelligence then determines if the code is safe to run.

• Provides an innovative next generation endpoint threat protection solution to prevent advanced threats and malware from causing harm

• Utilizes artificial intelligence techniques, machine learning and algorithmic science

Cyberguard Endpoint Threat Prevention

• Prevents malware pre-execution

• Silences memory attacks, exploits, privilege escalation, fileless attacks

• Thwarts unauthorized scripts

• Rejects potentially unwanted programs (PUPs) from entering the environment

• Uncovers the presence of powerful tools that can be used against you

• All without prior knowledge

• Protection is not Cloud dependent

• No signatures / infrequent updates

• Ultra light agent footprint

• Deployment simplicity

Vulnerability Management

• The FIS-Developed Total Risk Score enables clients to quantify the risk of their devices in order to make effective decisions based on organizational risk appetite.

• Device usage cases build the device risk score and when paired with Common Vulnerability Security Score, it generates the Total Risk Score – a numerical value for risk.

[Diagram: Device Risk Score, CVSS, Total Risk Score]

Vulnerability Management

• Allows workflow tracking for vulnerabilities

• Workflow Approvers provide oversight and governance over the Workflow Process.

• Bulk Remediation of many tasks at once.

Vulnerability Management Enhancements

• Integrate 3rd Party Objective Assessment/audit findings

– Track remediation efforts of 3rd party findings in the same system as tracking regular vulnerability remediations

– Leverage existing workflow: Risk Accepts, Pending Fix, False positives

• Integrate Threat Intelligence “chatter” into the system

– Scenario: “Dark web chatter” that a specific vulnerability is being exploited to deliver malware. The system would raise the priority of remediation based on this intelligence.

– Remediation prioritization would increase based on intelligence

©2017 FIS and/or its subsidiaries. All Rights Reserved. FIS confidential and proprietary information.