Maintaining, verifying, and demonstrating compliance with regulatory requirements, whether PCI DSS, HIPAA, GLBA or others, is far from a trivial exercise. Proving compliance with these requirements often translates into a lot of manual and labor-intensive tasks – chasing down discrepancies in asset inventory spreadsheets, remediating critical vulnerabilities, and weeding through log data trying to make sense of it all. In fact, you may need to consult at least a dozen different tools to assemble the security controls and reports you need. Compliance doesn't have to be so hard.
Review this presentation to learn:
- Common audit compliance failures
- A pre-audit checklist to help you plan and prepare
- Core security capabilities needed to demonstrate compliance
- How to simplify compliance with a unified approach to security
5. The Era of Targeted Attacks
74% of attacks on retail, accommodation, and food services companies target payment card information.
Data from Verizon Data Breach Investigations Reports (DBIRs), 2011, 2012 and 2013
6. The Era of… Uh-oh
More than 1.9 million Point-of-Sale (POS) machines run Windows XP.
~95% of ATMs in the US still run Windows XP.
7. Poor Compliance When Breached
PCI DSS Requirement 10: Track and monitor all access to network resources and cardholder data.
Source: Verizon 2014 PCI Compliance Report
8. SANS Top 20 Critical Security Controls
http://www.sans.org/critical-security-controls
1. Inventory of Authorized and Unauthorized Devices
2. Inventory of Authorized and Unauthorized Software
3. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
4. Continuous Vulnerability Assessment and Remediation
5. Malware Defenses
6. Application Software Security
7. Wireless Access Control
8. Data Recovery Capability
9. Security Skills Assessment and Appropriate Training to Fill Gaps
10. Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
11. Limitation and Control of Network Ports, Protocols, and Services
12. Controlled Use of Administrative Privileges
13. Boundary Defense
14. Maintenance, Monitoring, and Analysis of Audit Logs
15. Controlled Access Based on the Need to Know
16. Account Monitoring and Control
17. Data Protection
18. Incident Response and Management
19. Secure Network Engineering
20. Penetration Tests and Red Team Exercises
9. Detailed Information for Both the IT Practitioner & Auditor
Each control is documented under the following headings:
- Why Is This Control Critical
- How to Implement This Control
- Procedures and Tools
- Effectiveness Metrics
- Automation Metrics
- Effectiveness Test
- System Entity Relations
11. AlienVault Vision
- To simplify how organizations detect and mitigate threats
- Benefit from the power of crowd-sourced threat intelligence & unified security
18. Three Components
- AlienVault Server to aggregate data and manage the deployment
- AlienVault Sensor to collect data from the infrastructure
- AlienVault Logger for long-term storage and reporting
- AlienVault All-in-One to collect, aggregate, and store data as well as manage the deployment
19. Three Components, Three Form Factors
- Components: AlienVault Server (aggregate data and manage the deployment), AlienVault Sensor (collect data from the infrastructure), AlienVault Logger (long-term storage and reporting), AlienVault All-in-One (collect, aggregate, and store data as well as manage the deployment)
- Form factors: AMI, Virtual Appliance, Physical Appliance
24. Traditional Response
Diagram: example organizations (First Street Credit Union, Zeta Insurance Group, John Smith Auto Nation, Regional Pacific Telecom, Marginal Food Products); stages shown: Attack, Detect, Respond.
25. Traditional Response (same diagram repeated)
27. A Real-Time Threat Exchange Framework
Diagram: the same example organizations (First Street Credit Union, Zeta Insurance Group, John Smith Auto Nation, Regional Pacific Telecom, Marginal Food Products) connected to the Open Threat Exchange; stage shown: Attack.
Open Threat Exchange puts preventative response measures in place through shared experience.
28. A Real-Time Threat Exchange Framework
Diagram: same organizations and Open Threat Exchange; stages shown: Attack, Detect.
Open Threat Exchange protects others in the network with the preventative response measures.
29. Benefits of Open Threat Exchange
- Shifts the advantage from the attacker to the defender
- Open and free to everyone
- Each member benefits from the incidents of all other members
- Automated sharing of threat data
30. The Need to Adapt
Threats change. Your event correlation rules, IP reputation data, etc. should change too.
It’s impossible to predict all bad things. You need a solution that evolves with you.
What’s not in the fine print but should be…
- Dynamic threat intelligence updates
- Flexible use case support
31. Free Tools
- Reputation Monitor: external view of IPs (targeted?)
- ThreatFinder: internal view of IPs (compromised?)
- OSSIM: world’s most widely used open source SIEM product
32. AlienVault Labs Threat Intelligence
Coordinated analysis, actionable guidance. Weekly updates to coordinated rule sets:
- Network IDS
- Host IDS
- Asset discovery / inventory database
- Vulnerability database
- Event correlation
- Report modules and templates
- Incident response templates / “how to” guidance for each alarm
- Plug-ins to accommodate new data sources
34. Now for Some Q&A…
Test Drive AlienVault USM
- Download a Free 30-Day Trial: www.alienvault.com/free-trial
- Try our Interactive Demo Site: www.alienvault.com/live-demo-site
- Free Tools: www.alienvault.com/open-threat-exchange
Thank You!
Patrick Bedwell pbedwell@alienvault.com
Editor's Notes
Provides real-time, actionable information that is open to anyone who chooses to participate. This allows IT practitioners to achieve preventative response by learning about how others are targeted, and employing the right defenses, to avoid becoming a target themselves.
How do we ensure that the information related is not only getting pushed to the right place, but is automatically pushed down the line, so that not just the first organization benefits but every other organization benefits from that response as well? We have the framework built out – limited information, IP information.