
Criminal Justice Day

This event focuses on the development and implementation of effective policies and controls in the criminal justice system. Experts will share best practices and technologies to ensure compliance with relevant regulations and frameworks. Join us on October 15th, 2007 in Green Park, Reading.


Presentation Transcript


  1. Criminal Justice Day Louis Brooks Criminal Justice Account Director 15 October 2007

  2. Criminal Justice Day 15th October 2007, Green Park, Reading

  3. People Process and Technology Compliance Paul Gamble Principal Business Consultant

  4. Summary of Approach: Written Policy, Technical Controls, Procedural Controls • CESG, COBIT, MOPI, UPSA, ISO, PCI • Create, Map, Publish, Assess, Fix • Scoped by Risk Level • Business Policies • Info Security • Access Control • Non IT Policy Exception • Configurations • Security best practices • Remediation • Vulnerabilities • Non-credentialed checks • Credentialed checks • Patch Mgmt • Control self-assessment • Questionnaire responses • Risk-based prioritisation • Transparent Auditing • Entitlements review • Group\file permission • Classify & assign owners • Approval workflow

  5. Summary of Approach: Written Policy, Technical Controls, Procedural Controls • Basel II, COBIT, NIST, SOX, ISO, PCI • Create, Map, Publish, Assess, Fix • Govern, Control, Define • Scoped by Risk Level • Corporate Policies • Info Security • Access Control • Termination • Configurations • Security best practices • Remediation • Vulnerabilities • Non-credentialed checks • Credentialed checks • Patch Mgmt • Control self-assessment • Questionnaire responses • Risk-based prioritization • Entitlements review • Group\file permission • Classify & assign owners • Approval workflow

  6. Response Assessment Module Procedural Controls

  7. Building Questionnaires • RAM includes questionnaires for many standard regulations and frameworks including: ISO27001, ISO20000 PKI, ITIL • Others can quickly be developed for CJS specific obligations / best practice (UPSA/CSP, MOPI, underlying ACPO guidelines etc)

  8. Assigning Risk Weights • Weights can be assigned to both questions and responses to reflect importance and risk

  9. Question Import Tool • Questionnaires can be quickly created from existing documents using the Import tool • The Import tool allows text to be pasted in or typed to create multiple questions in one operation • Questionnaires can be “Operational awareness” or an ongoing training requirements analysis

  10. Web Portal • Questionnaires delivered via Web client

  11. Responding to a questionnaire • Users may save partial responses, exit, and resume the questionnaire at a later time

  12. Uploading documents / URLs • Administrators can add documents and URLs to questionnaires by clicking the “Add Document” link to the right of the questionnaire • Clicking the “Certification Required” box ensures that users open the document or URL before they are able to respond to the questionnaire

  13. Response files • Each respondent's data is saved in a response file • Multiple response files can be loaded at one time to aggregate the results from multiple respondents

  14. Analysis Tools • Users can select how granular the representation is – top level, sub level, question level • Split screen option allows access to the response details including the responses and comments as well as the graphical representation

  15. Are my policies & controls effective? • Procedural, Operational, Infrastructure • Incident Management • IT Controls • Perimeter Security Devices • Database Security • Mail Security • Host Intrusion Protection • Anti-virus • Security Monitoring Process • Collect, Identify, Prioritize, Remediate, Report • Identify, Prioritize, Respond, Review • GLOBAL INTELLIGENCE • Query & Report • Remediate Risks • Applicability • Severity • Data Theft of customer data • Policy Violation on SOX impacted sys • Malicious Outbreak in branch office • Policy Violation • Data Theft • Malicious Outbreak • Compliance reporting • Threat analysis • Trend reporting

  16. Q&A Enterprise Vault Customer Presentation 16

  17. The trend towards endpoint enforcement Paul Gamble Principal Business Consultant

  18. Networks are Continually Exposed • Guests • WANs & Extranets • Internet Kiosks & Shared Computers • SSL VPN • Consultants • IPsec VPN • Employees Working at Home • Wireless Networks • Web Applications • Security has moved on: • Connectivity drives productivity but increases vulnerability • People and data sources are now the network perimeter • Attacks are increasingly targeted, often from the inside • The Cabinet Office is recommending a change in focus – from a perimeter fortified GSI to a more open network with very strong endpoint controls

  19. The changing threat • In government threats are usually targeted • Blended Threats are becoming the norm • Attacks are typically stealthy • Criminals wish to remain hidden to maximise gain / damage • The solution needs to be smart and layered • Symantec behavioural technology identifies 1000 threats/month that the top 5 antivirus products are missing. • Signature based Antivirus is no longer enough

  20. Threat Landscape is Evolving Taken from the Internet Security Threat Report, Jul-Dec 06, Jan-Jun 07: • 25% of exploit code was released less than one day after vulnerability disclosure. • 12 zero-day attacks occurred, up from 1 between Jan-Jun 06! • 66% of the top 50 malicious code were designed to steal sensitive or confidential data. • Over the first six months of 2007, the United Kingdom was the EMEA country most frequently targeted by DoS attacks, accounting for 46 percent of attacks in the region during this period. …AV technology is still very important, but no longer enough!

  21. Ingredients for Symantec Endpoint Protection: Network Access Control, Device Control, Intrusion Prevention, Firewall, Anti-Spyware, AntiVirus • Includes a NAC agent to ensure each endpoint is “NAC-ready” (Sygate) • Adds endpoint compliance to endpoint protection • Device control to prevent data leakage at the endpoint (Sygate) • Protection against mp3 players, USB sticks, etc • Behavior-based Intrusion prevention (Whole Security) • Vulnerability-based protection (Generic Exploit Blocking) • OS Protection (protect users from themselves!) • Gartner leader! - Industry’s best managed desktop firewall (Sygate) • Includes best location awareness in the market • Best anti-spyware, proven leading track record in both detection and removal • Includes VERITAS technology for rootkit handling • The World’s leading anti-virus solution (SAV CE) • More consecutive Virus Bulletin certifications (32) than any vendor

  22. Fault Tolerance / Fail Over • Failover between Management Servers & Data Stores • Replication • [Diagram: SEPM management servers and clustered databases holding Group/Policies, Log and Content data]

  23. Nothing new • We are not releasing any new technologies in Symantec Endpoint Protection, no 1.0 releases here. • Intrusion prevention has been around for years but has reached less than 15% of endpoints – Partly because of the false alarm rate and partly because of system resources …but our integrated solution and low memory usage are new!

  24. Endpoint agents need memory • Paul’s Laptop – 512MB memory • Windows ~140MB • SCS ~129MB • IPS • Device control • Application control • NAC • Oh and some spare to actually do my day job

  25. A summary of Endpoint Protection • Scanning can be auto-throttled to give priority to user applications • Location awareness allows separate policies for VPN, Wireless, Ethernet… • Fingerprint system and block any new application from being added or run • Allow the connection of USB flashdrives but make them read-only • Sorry, Word documents must be saved to this area of the network • Management dashboard with instant ‘customisable’ overview • Tiered Administration • Manage to delegate tasks

  26. Protecting Access to your Information Access Controls : • Who – Officer, Network Admin, … • How – Workstation, Laptop, Mobile Device • When – Time of access • Where – Office Network, Wireless, VPN, … • What – The target data or application

  27. Authorizing Endpoints, Not Just Users • Network Access Control = Control who can access your network by creating a closed system • Ensure that required patches, configuration, and protection signatures are in place before the endpoint connects to the operational network • Automatic endpoint remediation • Enforce policy before access is granted Authorized User Authorized Endpoint + Protected Network

  28. What is Network Access Control? • Step 1 (Discover): Endpoint Attaches To Network, Configuration Is Determined • Step 2 (Enforce): Compliance Of Configuration Against Policy Is Checked (✓ / ✗) • Step 3 (Remediate): Take Action Based On Outcome Of Policy Check: Patch, Quarantine, Virtual Desktop • Step 4 (Monitor): Monitor Endpoint To Ensure Ongoing Compliance

  29. Symantec Network Access Control: Solution Elements • Management, Enforcement, Endpoint • Symantec Policy Manager • Microsoft SQL Server Database • 802.1x Enabled Switch • DHCP Server • Symantec LAN Enforcer • Symantec DHCP Enforcer • Symantec Gateway Enforcer • Symantec Enforcement Agent + Symantec Endpoint Protection Agent (Self-Enforcement approach)

  30. Information In-Motion: Symantec Messaging Security • Messaging is business critical • No longer just email • 80% of company IP is in email • 52% of data security breaches are from insiders* • 96% data leaks are inadvertent rather than malicious* • Antispam & Antivirus: Detect, block, and remove Spam, Spim, Virus, Other malware • Data Loss Prevention: Monitor structured and unstructured content; Compliance templates; Incident mgmt workflow • Multi-protocol Control: Enforce policies for email, IM and web (beta); Integrated administration; Unified incident management • Predictive Threat Protection: Protect against 0-day threats; Real time threat protection for synchronous communications • * Data from EPIC.org, perkinscole.com and Vontu

  31. Mobile Devices • Consequences of a lost laptop could be more damaging than those of a ‘conventional’ disaster …. • but we know that… ? • Next Generation Mobile Devices • Just as powerful as a laptop • 22 times more likely to be lost • Increased data value… Increased reason for attack • Often given the same security & compliance policy as for ‘normal’ mobile phones? • New compliance policies are needed for new technologies BEFORE they are deployed

  32. Windows Mobile and Smartphone Symantec Mobile Security Suite 5.0 • Symantec Mobile Security Suite 5.0 for Windows Mobile • Symantec Mobile Security Suite Components • AV • Anti-SMS Spam • LiveUpdate • Firewall • Personal Data Protection / Data Encryption • Device Password Protection • Software Integrity Assurance • Phone Feature Control • Network Access Control (with Symantec Mobile VPN) • Enterprise Management • Symantec Mobile VPN 2.6 (separate product)

  33. Loss Mitigation Symantec Mobile Security Suite 5.0 – Loss Mitigation • Secure folder encryption • Includes memory cards • Automatically encrypt My Documents folder on logout • Device password protection • Data wipe after maximum number of failed logins • The user is warned when the maximum is almost reached • Encryption of selected files on memory cards • Ability to share encrypted files between users

  34. Symantec Mobile VPN 2.6 Symantec Mobile VPN 2.6 • Compatible with Cisco and Nortel VPN gateways • Allows devices to connect to networks through secure IPSec VPN tunnels • Compliant with Symantec Network Access Control architecture • No VPN gateway configuration changes required; uses same configuration as the Cisco and Nortel VPN client

  35. Q&A
