Risk Management and Remediation
•Als PPTX, PDF herunterladen•
1 gefällt mir•2,843 views
Speakers: Kurt Van Etten, Symantec Director, Product Management Stephen Brown, Arellia, President Dan McManus, Arellia, Director of Sales
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Andere mochten auch
Andere mochten auch (20)
Ähnlich wie Risk Management and Remediation
Ähnlich wie Risk Management and Remediation (20)
Mehr von Carahsoft
Mehr von Carahsoft (13)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Risk Management and Remediation
- 1. Risk Management and Remediation Kurt Van Etten Stephen Brown Symantec Arellia Director, Product Management President Dan McManus Arellia Director of Sales Risk Management and Remediation 1
- 2. Agenda 1 Need to Move to Risk Management 2 Deeper Dive on Risk Manager 3 Remediation Risk Management and Remediation 2
- 3. Rapid Maturation of Information Security Risk Scoring & Cyberscope Management Reporting Continuous Monitoring • Focus on top priorities • Reporting to higher • Drive action to • Peer Comparison reduce risk • Collection of Data • Vulnerability • Configuration • Procedural Risk Management and Remediation 3
- 4. Symantec Approach to IT Risk Management How do IT risks How do you convey How do you affect your IT risks to your drive measurable mission? peers? risk reduction? CCS RISK MANAGER TRANSLATE INFLUENCE ACT Risk Management and Remediation 4
- 5. Introducing CCS Risk Manager CCS RISK MANAGER TRANSLATE INFLUENCE ACT » Define virtual » Convey IT risk in » Prioritize based on business assets business terms business impact » Connect related » Customized views » Align Security and IT assets for greater impact IT Operations » Create business » Justify new security » Track risk reduction view of IT risk investments over time Risk Management and Remediation 5
- 6. Current View of IT Risk – Technology Centric Risk Management and Remediation 6
- 7. Translating IT Risk Transaction Processing System Case Management Risk Management and Remediation 7
- 8. Translating IT Risk Transaction Processing System Case Management Risk Management and Remediation 8
- 9. Using Risk to Drive Accountability and Action Transaction Processing System Plan Current Projected Target Name Risk Objective Status Score Score Date Owner Plan A B Secure Configuration Completed Submitted 3.65 2.75 2.75 3/15/12 Bob Plan B C Patch Level Standard Completed Submitted 4.22 1.81 1.81 4/11/12 Joe Plan A Info Sec Standard Completed 2.23 2.23 1/10/12 Joe Plan D C Protect Web Servers Completed Submitted 3.51 2.10 2.10 2/28/12 Dave Risk Management and Remediation 9
- 10. CCS Risk Manager Highlights Define a business asset you want to manage Visualize and understand IT risk for this business asset Prioritize remediation based on IT risk, not technical severity Monitor risk reduction over time Risk Management and Remediation 10
- 11. Visualize and Understand IT Risk Enterprise Wide View of Business Risk Risk Overview for People’s Bank Risk & Compliance Sales Specialist Training - CCS Risk Manager 11
- 12. Visualize and Understand IT Risk Balanced View of Business and Operational Metrics Drill down to technical details Risk & Compliance Sales Specialist Training - CCS Risk Manager 12
- 13. Prioritize Remediation Based on Risk Risk Modeling Risk Management and Remediation 13
- 14. Prioritize Remediation Based on Risk Remediation Plan by Risk Objective Review & finalize remediation plan Risk Management and Remediation 14
- 15. Monitor Risk Reduction Over Time Manage Remediation Plans Track risk reduction for remediation plans Risk Management and Remediation 15
- 16. Effective Risk Management Data Driven View of Risk • Cross-reference multiple data points for a true view of risk 1 • Combine 3rd party data for ‘composite’ risk score • Easily digest and distill data from thousands of devices Ability to Show Business Value • Map IT assets to business assets 2 • Present relevant information to business peers • Flexible reporting – avoid costly re-mapping efforts Move Beyond Risk Assessment to Risk Monitoring & Management • Track objectives and monitor risk over time 3 • Develop action plans to manage entire remediation process • Demonstrate risk reduction over time Risk Management and Remediation 16
- 17. Effective Remediation • Remediation: The act or process of correcting a fault or deficiency • Automating Remediation can: – Fix 95% of Security Profile settings w/o manual intervention – Immediately address an environment’s post-audit vulnerability status – Provide significant ROI Risk Management and Remediation
- 18. Why Haven’t We Automated Remediation? • Auditing and Remediation – Security (Auditing) vs. Operations (Change Management) • SCAP Validated • Means that we can ingest SCAP audit results!!! • Standards Enable Security • Common language between security and management • Security results become Management Tasks • Automatic remediation for 6 well known configuration types • Registry settings • Local password policies • Security audit • Service configuration • Account lockout • Account privileges • Actionable, Automated, & Auditable 18 Risk Management and Remediation
- 19. Closed Loop Direct Remediation SCAP Audit Initiated • FDCC SCAP Audit Tool Remediation Tool • USGCB • STIG • CIS End Point 19 Risk Management and Remediation
- 20. Closed Loop Direct Remediation Audit Complete • Results Available SCAP Audit Tool Remediation Tool via Reporting Security Results Management Tasks Remediation Tasks Executed End Point • Approval Manual and/or Automated 20 Risk Management and Remediation
- 21. Closed Loop Direct Remediation Remediation Complete • Results Available via SCAP Audit Tool Remediation Tool Reporting Remediation Complete • SCAP Audit Tool Notified SCAP Validation Audit End Point • FDCC, USGCB, etc. Risk Management and Remediation
- 22. Closed Loop Direct Remediation Validation Audit Complete SCAP Audit Tool Remediation Tool • Results Available via Reporting End Point 22 Risk Management and Remediation
- 23. Didn’t You Mention Something About ROI? Example: Windows 7 • Fix 95% of Security Profile settings w/o manual intervention •• Post “Typical” Install an environment’s post-audit vulnerability status Immediately address of Windows 7, run a USGCB audit • Windows 7 installation will be around 30% compliant • Provide a significant ROI to a customer (70% failure to comply) Manual Audit Costs Number of issues to address 100 Minutes per issue 5 Total Time (Hours) 8.33 Jr. Admin Salary $50,000 TOTAL COST $200.32 • Soft costs (unfactored): Lost productivity of Jr. Admin AND End User • Will need to perform remediation again after next audit! Risk Management and Remediation
- 26. How Arellia Can Further Help Effective Risk Management D Removing End Users’ Administrator A Securing Local Admin Accounts & Rights Passwords Application Automating Whitelisting Remediation C B
- 27. Privilege Management: Increasing Security AND End User Productivity Privilege Management: The ability to enable or secure applications through the addition or removal of user rights. 1 in 14 Programs downloaded in Windows are malicious 43% 2011 MS Bulletins address Privilege Exploitation 110 Million Estimated new Windows 7 users in 2012 Annual cost savings per managed endpoint: $653 “moderately managed” vs. “locked and well-managed” Risk Management and Remediation
- 28. Windows 7 End User Accounts: High Security Posture AND End User Productivity “Ideal” end user model? “Privilege management and • Standard User with elevated application control tools help privileges for predetermined achievecustomer) functions (by total cost of ownership (TCO) Cannot be doneclose to third – reasonably without a that party tool of a locked and well-managed • Balances security needs user, while giving users some with end user productivity ability to control their – Security posture remains high systems.” – End user productivity remains high Gartner: “The Cost of Removing – Support costs at all levels Administrative Rights for the Wrong lowered Users” (April 2011) Risk Management and Remediation
- 29. Local Administrative Rights: The Interrogative Process •Who has Admin Access?!?!? •What was the justification? •When were these waivers last reviewed? •Where in my organization are these local end user accounts with admin rights? •Why aren’t my GPOs enough? Risk Management and Remediation
- 30. How Do I Fix This? • Local Admin Password: Randomization & Cycling • Discover local user accounts – Including accounts with admin rights • Group Membership Enforcement • Windows Service Account Management • Auditing of Administrator Account Usage • Local Security Inventory and Configuration • Compliance Reporting Risk Management and Remediation
- 31. www.arellia.com Item Description How to purchase Sold exclusively via Symantec sales and partners Buying Options Available in Symantec buying programs Contacts 800.889.8091 (Option 1) or SalesStaff@arellia.com Data Sheets www.arellia.com/solutions Forums / Documentation portal.arellia.com/wiki Videos (YouTube Channel) www.youtube.com/user/ArelliaSoftwareVideo Webcasts / Events www.arellia.com/events Blog www.arellia.com/blog Twitter @ArelliaSoftware Partner Portal arellia.channelplace.net
- 32. Thank you! Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. Risk Management and Remediation 32
Hinweis der Redaktion
- Allows you to define what can be remediated automatically vs. what may require manual review (based upon organization policy)
- ARELLIARather than becoming another assessment focused tool, we created a tool to drive automated remediation using SCAP and the underlying open standardsESRS enables Operations to:Identify or import issues from an SCAP assessment productAutomate the remediation tasksPredefine remediation tasks that meet requirements for change management approvalEach security policy provides quick information on:Assessments completedCompliance trend over timeIndividual computer compliance scoresRemediation actions can be automatically generated after an assessment and can be approved from the Remediation Approvals tab.