Presentation done at les Assises de la Sécurité 2008 at Monaco

1. Security Management
Evolution and solutions
Christophe Briguet
cbriguet@exaprotect.com © 2008 Exaprotect

2. Why
infrastructures are
evolving?

3. 60%
of the IT budget
is allocated to
operation *
* Gartner 2007

4.  Sarbanes-Oxley Act
 European Directives
 ISO 27001
 PCI-DSS
 FSA
 HIPAA

5. 62%
of security
incident are
human error *
* Verizon 2008 Data Breach Investigation Report

6. 5 years of
exclusive
10 years rights
of R&D
1 molecule / 1000 succeed on the market

7. ~1 admin for 50 servers in 2000

8. ~1 admin for 200 servers in 2008

9. 100 000 000 users - 70 employees

10. 54 000 000 users - 200 employees

11. Water-Based Data Center

12. 50%
of the carbone footprint
of air transportation

13. 50%
ZZZZZZZ
of the time*
* IDC 2008

14. 12/1
80%

15. 100
Virtual firewall
+100
+10 000
Access
Daily changes
list

16. External Vs Internal

17. Why security best
practices have
changed?

18. *
* Diversity

19. 53%
of company merged parts of their
physical and logical security *
* Gartner

20. 9.1.1 Use video cameras or other access control
mechanisms to monitor individual physical access to sensitive
areas. Review collected data and correlate with other
entries…

21. Logs are like cars …

22. X2
each two years

23. You can't
“
efend. You can't
d
revent. The
p
ly thing you
on
o is detect
can d
-oucedh”
Br n Sc. neier
and resp

24. 40%
of organization are
thinking about ITIL *
From disorganization to process ...

25. Incident management
Problem management
Change management
Release management
Capacity management
Availability management
Service level management
Configuration management
Security management
Etc.
From disorganization to process ...

26. From process to tools...

27. Products & solutions

28. LogManager & EventManager
S e c u r i t y I n f o r m a t i o n
a n d E v e n t M a n a g e m e n t

30. Solsoft ChangeManager
Network Configuration and
C h a n g e M a n a g e m e n t

32. Example of security best practices

33. BP #1 Get a clear picture of your network topology

34. BP #2 Use a central rules management system
smtp

35. BP #3 Test before implementing a new configuration
Compilation results
A rules may hide another one

36. BP #4 Collect and consolidate logs

37. B P # 5 A u t o m a t e t r e a t h d e t e c t i o n
Authentication
Login success
Authentication

38. Potential Identity
Hijacking on user
account Wilcox
EventManager
Correlation
Same time window and same user account and differente
Aggregation and
network
x Success authentication user Wilcox
2
Normalization
User logging sucess
User authenticated

39. overlooking the obvious

40. BP #6 Remediate in a collaborative way
Remediation
Incident Case
Order
EventManager
ChangeManager

41. Plan « B » ?

42. B P # 7 A u t o m a t c h a n g e m a n a g e m e n t
Adjust security policies
EventManager
New VM deployed
Virutal Machine New Virtual
hyperviseur
Machine

43. EventManager
New Virtual Add the new Virtual Machine
Machine
…
… to the log management … to compliance reports
process

44. ChangeManager
New Virtual Add the new Virtual Machine
Machine
…
… to the VPN
… to the network … to the NAT
configuration
filtering policy
configuration

45. Process and best practice
Change Regulatory Security
management
compliance
monitoring
EventManager
ChangeManager
LogManager

46. Thank you !
cbriguet@exaprotect.com