Risk Management and Remediation
1. Risk Management and Remediation
Kurt Van Etten, Symantec, Director, Product Management
Stephen Brown, Arellia, President
Dan McManus, Arellia, Director of Sales
2. Agenda
1. Need to Move to Risk Management
2. Deeper Dive on Risk Manager
3. Remediation
3. Rapid Maturation of Information Security
Continuous Monitoring
• Collection of Data
– Vulnerability
– Configuration
– Procedural
Cyberscope Reporting
• Reporting to higher
• Peer Comparison
Risk Scoring & Management
• Focus on top priorities
• Drive action to reduce risk
4. Symantec Approach to IT Risk Management
CCS RISK MANAGER
TRANSLATE: How do IT risks affect your mission?
INFLUENCE: How do you convey IT risks to your peers?
ACT: How do you drive measurable risk reduction?
5. Introducing CCS Risk Manager
CCS RISK MANAGER
TRANSLATE
» Define virtual business assets
» Connect related IT assets
» Create business view of IT risk
INFLUENCE
» Convey IT risk in business terms
» Customized views for greater impact
» Justify new security investments
ACT
» Prioritize based on business impact
» Align Security and IT Operations
» Track risk reduction over time
6. Current View of IT Risk – Technology Centric
7. Translating IT Risk
[Diagram labels: Transaction Processing System; Case Management]
8. Translating IT Risk
[Diagram labels: Transaction Processing System; Case Management]
9. Using Risk to Drive Accountability and Action
Transaction Processing System
Plan Name | Risk Objective | Status | Current Score | Projected Score | Target Date | Owner
Plan A / B | Secure Configuration | Submitted / Completed | 3.65 / 2.75 | 2.75 | 3/15/12 | Bob
Plan B / C | Patch Level Standard | Submitted / Completed | 4.22 / 1.81 | 1.81 | 4/11/12 | Joe
Plan A | Info Sec Standard | Completed | 2.23 | 2.23 | 1/10/12 | Joe
Plan D / C | Protect Web Servers | Submitted / Completed | 3.51 / 2.10 | 2.10 | 2/28/12 | Dave
10. CCS Risk Manager Highlights
Define a business asset you want to manage
Visualize and understand IT risk for this business asset
Prioritize remediation based on IT risk, not technical severity
Monitor risk reduction over time
11. Visualize and Understand IT Risk
Enterprise Wide View of Business Risk
Risk Overview for People’s Bank
Risk & Compliance Sales Specialist Training - CCS Risk Manager 11
12. Visualize and Understand IT Risk
Balanced View of Business and Operational Metrics
Drill down to technical details
14. Prioritize Remediation Based on Risk
Remediation Plan by Risk Objective
Review & finalize remediation plan
15. Monitor Risk Reduction Over Time
Manage Remediation Plans
Track risk reduction for remediation plans
16. Effective Risk Management
1. Data Driven View of Risk
• Cross-reference multiple data points for a true view of risk
• Combine 3rd party data for ‘composite’ risk score
• Easily digest and distill data from thousands of devices
2. Ability to Show Business Value
• Map IT assets to business assets
• Present relevant information to business peers
• Flexible reporting – avoid costly re-mapping efforts
3. Move Beyond Risk Assessment to Risk Monitoring & Management
• Track objectives and monitor risk over time
• Develop action plans to manage entire remediation process
• Demonstrate risk reduction over time
17. Effective Remediation
• Remediation: The act or process of correcting a fault or deficiency
• Automating Remediation can:
– Fix 95% of Security Profile settings w/o manual intervention
– Immediately address an environment’s post-audit vulnerability status
– Provide significant ROI
18. Why Haven’t We Automated Remediation?
• Auditing and Remediation
– Security (Auditing) vs. Operations (Change Management)
• SCAP Validated
– Means that we can ingest SCAP audit results!!!
• Standards Enable Security
– Common language between security and management
– Security results become Management Tasks
• Automatic remediation for 6 well known configuration types
– Registry settings
– Security audit
– Account lockout
– Local password policies
– Service configuration
– Account privileges
• Actionable, Automated, & Auditable
19. Closed Loop Direct Remediation
[Diagram: SCAP Audit Tool, Remediation Tool, End Point]
SCAP Audit Initiated
• FDCC
• USGCB
• STIG
• CIS
20. Closed Loop Direct Remediation
[Diagram: SCAP Audit Tool, Remediation Tool, End Point]
Audit Complete
• Results Available via Reporting
Security Results
Management Tasks
Remediation Tasks Executed
• Approval Manual and/or Automated
21. Closed Loop Direct Remediation
[Diagram: SCAP Audit Tool, Remediation Tool, End Point]
Remediation Complete
• Results Available via Reporting
Remediation Complete
• SCAP Audit Tool Notified
SCAP Validation Audit
• FDCC, USGCB, etc.
22. Closed Loop Direct Remediation
[Diagram: SCAP Audit Tool, Remediation Tool, End Point]
Validation Audit Complete
• Results Available via Reporting
23. Didn’t You Mention Something About ROI?
Example: Windows 7
• Post “Typical” Install of Windows 7, run a USGCB audit
• Windows 7 installation will be around 30% compliant (70% failure to comply)
• Fix 95% of Security Profile settings w/o manual intervention
• Immediately address an environment’s post-audit vulnerability status
• Provide a significant ROI to a customer
Manual Audit Costs
Number of issues to address 100
Minutes per issue 5
Total Time (Hours) 8.33
Jr. Admin Salary $50,000
TOTAL COST $200.32
• Soft costs (unfactored): Lost productivity of Jr. Admin AND End User
• Will need to perform remediation again after next audit!
26. How Arellia Can Further Help Effective Risk Management
A. Securing Local Admin Accounts & Passwords
B. Automating Remediation
C. Application Whitelisting
D. Removing End Users’ Administrator Rights
27. Privilege Management:
Increasing Security AND End User Productivity
Privilege Management: The ability to enable or secure applications through the addition or removal of user rights.
1 in 14: Programs downloaded in Windows are malicious
43%: 2011 MS Bulletins address Privilege Exploitation
110 Million: Estimated new Windows 7 users in 2012
Annual cost savings per managed endpoint: $653 “moderately managed” vs. “locked and well-managed”
28. Windows 7 End User Accounts:
High Security Posture AND End User Productivity
“Ideal” end user model?
• Standard User with elevated privileges for predetermined (by customer) functions
– Cannot be done reasonably without a third party tool
• Balances security needs with end user productivity
– Security posture remains high
– End user productivity remains high
– Support costs at all levels lowered
“Privilege management and application control tools help achieve total cost of ownership (TCO) close to that of a locked and well-managed user, while giving users some ability to control their systems.”
Gartner: “The Cost of Removing Administrative Rights for the Wrong Users” (April 2011)
29. Local Administrative Rights:
The Interrogative Process
• Who has Admin Access?!?!?
• What was the justification?
• When were these waivers last reviewed?
• Where in my organization are these local end user accounts with admin rights?
• Why aren’t my GPOs enough?
30. How Do I Fix This?
• Local Admin Password: Randomization & Cycling
• Discover local user accounts
– Including accounts with admin rights
• Group Membership Enforcement
• Windows Service Account Management
• Auditing of Administrator Account Usage
• Local Security Inventory and Configuration
• Compliance Reporting
31. www.arellia.com
Item | Description
How to purchase | Sold exclusively via Symantec sales and partners
Buying Options | Available in Symantec buying programs
Contacts | 800.889.8091 (Option 1) or SalesStaff@arellia.com
Data Sheets | www.arellia.com/solutions
Forums / Documentation | portal.arellia.com/wiki
Videos (YouTube Channel) | www.youtube.com/user/ArelliaSoftwareVideo
Webcasts / Events | www.arellia.com/events
Blog | www.arellia.com/blog
Twitter | @ArelliaSoftware
Partner Portal | arellia.channelplace.net
Allows you to define what can be remediated automatically vs. what may require manual review (based upon organization policy)
ARELLIA
Rather than becoming another assessment focused tool, we created a tool to drive automated remediation using SCAP and the underlying open standards.
ESRS enables Operations to:
• Identify or import issues from an SCAP assessment product
• Automate the remediation tasks
• Predefine remediation tasks that meet requirements for change management approval
Each security policy provides quick information on:
• Assessments completed
• Compliance trend over time
• Individual computer compliance scores
Remediation actions can be automatically generated after an assessment and can be approved from the Remediation Approvals tab.