150 likes | 287 Views
Why does IT Security fail? …and what you can do about it Sponsored by. Business reality. The modern enterprise Depends on its IT assets (internal) Must interact with vendors, suppliers and partners Must trust internal users …aye, there’s the rub. Security challenges.
E N D
Why does IT Security fail? …and what you can do about it Sponsored by
Business reality • The modern enterprise • Depends on its IT assets (internal) • Must interact with vendors, suppliers and partners • Must trust internal users • …aye, there’s the rub
Security challenges • Mammals -- conditioned to fear what we see…but… • Can’t “see” cyber security threats • We consider warnings from “experts” as fanciful (does not apply to me) • Examples • SQL Injection • Now the #1 threat to the Web+db app • Considered implausible a few years back • USB devices – Insider Threat • Great power, great responsibility • Great potential for misuse/abuse/loss/productivity • Auditors - Compliance
The nature of the attack • Readily recognized • Low & Slow, harder to recognize • Zero Day, not yet known • Why are they attacking? • Financial gain • Because they can • Because it’s become much easier
Back to basics • Understand your environment • Baseline behavior • Know users, systems -- normal patterns • Establish ground rules • Define policies, enforce them • Gather data, look at it for patterns • Technology can help…but… • People are the key
Your tax dollars at work http://csrc.nist.gov/groups/SMA/fisma/Risk-Management-Framework/index.html
Maintain Balance • Between detection and prevention • Between technology and people • Between benefit and cost • Between power & ease-of-use
Business constraints • Medium Enterprise has: • All the technical and regulatory challenges of large enterprises…but… • Smaller budget and manpower and has less time to implement solutions • Medium Enterprise needs: • Big, strong capabilities • But, solutions must be EASY to manage
10 Quick Wins • Maintain, monitor, analyze audit logs • Control use of admin privileges • Account monitoring & control • Data loss prevention (USB) • Inventory of software • IT Policy changes • Unauthorized IT configuration changes • Secure configuration • Malware defense • Monitor virtual infrastructure
EventTracker • A dashboard of security and event information • What is happening – Detect & avoid • Users, Systems, Apps, FW, Flow, USB, VMware • What has happened – Analyze & avoid • Report, Analysis, Search • What is different – Control & avoid • Change Audit, Config Assessment • Compliance • PCI-DSS, FISMA, HIPAA, NERC, SAS70, SOX, CAG,…
Industry Leading Gartner EventTracker software is suited for midsize businesses that require one product that provides log management, SEM, compliance reporting and operations monitoring Included on the Magic Quadrant for Security Information and Event Management, 2009 Award Winning
Further Information www.prismmicrosys.com