Karunia has extensive education and certification in information security and management. He owns several technology companies focused on security and has spoken internationally and nationally on security topics. CryptoRing provides managed security services that integrate security tools and devices, correlate data, and provide real-time alerts and weekly reports to help customers address security challenges cost effectively.
2. Karunia
Formal Education:
• Master's Degree, September 2003, University of Pelita Harapan, Jakarta
• Bachelor's Degree, January 1997, University of HKBP Nommensen, Medan
• Diploma, 1995, International Computer Studies Microskills Singapore - Medan
Certification:
• IBM eServer Certified Specialist, March 2002, iSeries Solution Sales V5R1
• Managed Security Specialist, December 2005, SIMCommander, Hong Kong
• Web Security Expert, September 2010, Armorize Technology, San Francisco
• MVCN Encryption Specialist, October 2010, Navayo Technologies Inc., Hungary
• IRM Specialist, August 2012, Seclore Technology, India
• Certified IRCA Lead Auditor ISO27001, February 2013, BSI, United Kingdom
• NRPL MSSR Radar Specialist, May 2013, NRPL, Finland
Others:
• Executive Vipassana Meditation, Geulis Mountain, based on S.N. Goenka Meditation Courses
• Emotions Metabolism, By Mahadibya Nurcahyo Chakrasana
• Neuro Linguistic Programming, Jogja, Basic Principles of Life Expanding (72 hours), by Clear Heart Foundation
3. International & National Speaker for:
• Kemenkoinfo
• Kemenakertrans
• Kemenhan
• Kemenhub
• Lembaga Sandi Negara
• BP Batam
• BPPT
• BNN
• SGU
• Binus
• MIEL Academy – (India, Vietnam, Macau, Singapore, Malaysia)
Owner of:
• PT. Adi Inti Mandiri – Tangerang Selatan
• PT. Adi Inti Mandiri Solusi - Jakarta
• PT. Global Network Security - Jakarta
• PT. Auto Technic Multimedia - Batam
• PT. Maxima Innovative Technology - Jakarta
• PT. Inti Wira Buana - Jakarta
• PT. Indo Mindstrom Wizzard - Jakarta
• BPR Pundi Dana Mandiri - Jambi
• Vivasoft Pte. Ltd. - Singapore
• IMWizz Pte. Ltd. - Singapore
• SIMCommander Inc. – Hong Kong
• GlobeNet Secure Sdn. Bhd. – Malaysia
• MIEL Pte. Ltd. - Singapore
4. Security Management Challenges
• Implementation
– Tools to manage security cost millions
– Integrating and deploying them is challenging
– 24 x 365 management requires highly trained staff
• Business Imperative
– Not core business; does not generate revenue
– Investing in security management can be costly without producing the expected results
5. The Problems
• Too many consoles and different log formats
– Lack of a holistic view of the overall security posture
– Long learning cycle
• Huge amount of data
– Hard to manage and review
• Organizational challenges
– Different teams have different responsibilities
– Long response time
• Lack of security professionals in the organization
– Security experts are still expensive and scary
– Lack of incident response methodology
– Don't know what to do when an incident occurs
• Limited resources
– Budgets and resources are always limited
6. Customer Expectation
• Cost Effective Security
• Up-to-date Defense Mechanism
• 24x7 Monitoring and Alert
• Rapid Emergency Response
• Reporting and Analysis
• Technical Expertise
Diagram: business threats, vulnerability, and companies' capability to respond.
7. How Managed Security Services Work
Diagram: the Cryptotechno SOC collects from two groups of sources.
• Security and networking devices: Firewall/VPN, Network IDS/IPS, Host IDS, Unified Threat Management, Routers/Switches, NetFlow Analysis, MAC Address Information, Vulnerability Scanning tools
• Systems and applications: Windows, Unix, Linux, Mainframe, Antivirus, Applications, Web Servers, Database, Email Servers, Proprietary Applications
8. Efficiency of Correlation
Based on one month of actual customer data:
• 9,481,668 logs and alerts generated by firewalls and IDSs
• 620 security events
• 55 events provided for client review
• 2 events requiring immediate customer contact
How the reduction is achieved:
• Security threat pattern identification (normalize and input to Correlation Engine)
• Eliminate insignificant events and report valid events (Correlation Engine)
• Cryptotechno proactively contacts clients to warn of a serious security threat (SOC security experts)
10. Attack Example
• Most attackers follow the same attack sequence:
first, scan the network and systems for security holes;
then launch a buffer overflow and backdoor against the victim machine and take remote control of it.
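The funnel on the correlation slide (raw logs, normalized, correlated into CAT-rated events, a few escalated) and the scan-then-exploit sequence above can be shown in one miniature correlation pass. This is an added example, not CryptoRing or SIMCommander code; the log format, the CAT numbering, the rule names and the threshold of five distinct denied ports are all assumptions, and the log lines are constructed from RFC 5737 documentation addresses.

```python
from collections import defaultdict

# Constructed sample log lines in a simplified, made-up format:
# time device kind src dst port-or-signature
RAW_LOGS = """\
09:00:01 fw1 DENY 203.0.113.7 198.51.100.10 21
09:00:02 fw1 DENY 203.0.113.7 198.51.100.10 22
09:00:02 fw1 DENY 203.0.113.7 198.51.100.10 23
09:00:03 fw1 DENY 203.0.113.7 198.51.100.10 80
09:00:03 fw1 DENY 203.0.113.7 198.51.100.10 443
09:00:04 fw1 DENY 203.0.113.7 198.51.100.10 3389
09:05:10 ids1 ALERT 203.0.113.7 198.51.100.10 BUFFER_OVERFLOW
09:05:11 fw1 DENY 192.0.2.44 198.51.100.20 445
09:07:30 ids1 ALERT 192.0.2.99 198.51.100.30 BACKDOOR_CONNECT
09:09:00 fw1 DENY 192.0.2.45 198.51.100.20 445
""".splitlines()

SCAN_PORTS = 5                                  # assumed: distinct denied ports = scan
EXPLOIT_SIGS = ("BUFFER_OVERFLOW", "BACKDOOR")  # assumed IDS signatures treated as exploit

def normalize(line):
    """Normalize one raw line into a common field layout (the 'normalize' step)."""
    time, device, kind, src, dst, detail = line.split()
    return {"time": time, "device": device, "kind": kind,
            "src": src, "dst": dst, "detail": detail}

def correlate(lines):
    """Reduce raw logs to CAT-rated events; return (events, immediate).
    CAT 1: port scan; CAT 2: exploit alert on its own; CAT 3: scan followed
    by an exploit alert from the same source to the same host (attack
    sequence). Isolated denies are dropped as insignificant."""
    ports = defaultdict(set)        # (src, dst) -> denied ports seen so far
    scans, events = set(), []
    for r in map(normalize, lines):
        pair = (r["src"], r["dst"])
        if r["kind"] == "DENY":
            ports[pair].add(r["detail"])
            if len(ports[pair]) == SCAN_PORTS:          # fire once per pair
                scans.add(pair)
                events.append({"cat": 1, "rule": "PORT_SCAN", **r})
        elif r["kind"] == "ALERT" and any(s in r["detail"] for s in EXPLOIT_SIGS):
            if pair in scans:
                events.append({"cat": 3, "rule": "ATTACK_SEQUENCE", **r})
            else:
                events.append({"cat": 2, "rule": "EXPLOIT_ATTEMPT", **r})
    immediate = [e for e in events if e["cat"] == 3]   # warrants a SOC call
    return events, immediate

if __name__ == "__main__":
    events, immediate = correlate(RAW_LOGS)
    print(f"{len(RAW_LOGS)} raw logs -> {len(events)} events -> "
          f"{len(immediate)} requiring immediate contact")
    for e in events:
        print(f"CAT {e['cat']} {e['rule']} {e['src']} -> {e['dst']} ({e['detail']})")
```

Ten raw lines reduce to three events, of which only the scan-then-overflow pair against 198.51.100.10 reaches CAT 3; the lone denies from 192.0.2.44 and 192.0.2.45 never become events.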
13. CryptoRing Service Description
• Monitors device availability and collects security events from customers' devices
• Event correlation analysis to distill the true security incidents
• Real-time email alerting when a security incident is detected
• Weekly scheduled security status and summary reports through email
• Easy-to-use reporting web portal that can be logged on to from anywhere
14. Benefits
• Protection through device availability monitoring, best-practice attack identification and advanced organized attack sequence detection
• Integrated analysis with other security devices in the network to accurately identify real threats
• Email alerting to keep the customer updated on security status in real time
• Easy-to-read summary and detail reports for an intuitive view of security posture
• Fully works with UTM (especially TippingPoint) appliances
15. What the Customer Will Get
• Weekly Standard Reports
o Comprehensive reports in PDF format
o Delivered to the customer automatically through email
• Web Portal
o Log in to generate ad-hoc reports
o Anywhere and anytime
• Email Alert Messages
o Notify the customer of security incidents in real time
18. Weekly Standard Reports
Type: Alerts
Report: Weekly Security Alert Summary
Details:
• Alert Count by Day
• Weekly Alert Trend
• Alert Count by Alert Category (CAT)
• Alert Count by Alert Rule
• Alert CAT 3 – Top 10 Destination (with Source and Rule)
• Alert CAT 2 – Top 10 Destination (with Source and Rule)
• Alert CAT 1 – Top 10 Destination (with Source and Rule)
• Alert CAT 0 – Top 10 Destination (with Source and Rule)
Type: Security Events
Report: Weekly Security Events Summary
Details:
• Security Event Count by Day (by Device)
• Weekly Security Event Trend
• Firewall: Top 10 Denied Source
• Anti-Virus: Top 10 Virus, Top 10 Infected Host, Top 10 Email Sender
• IDS/IPS: Top 10 Alert, Top 10 Attack Destination, Top 10 Attack Source
• Web Filtering: Top 10 Blocked Web Domain
Report: Weekly Device Status Summary
Details:
• Device Up/Down Status by Day
• Device Administrative Login by Day
Type: Usage
Report: Weekly Device Usage Summary
Details:
• Bandwidth: Inbound and Outbound, Top 10 Protocol, Top 10 Source, Top 10 Destination
• Web Proxy: Top 10 Web Access, Top 10 Source
• Email: Top 10 Sender, Top 10 Receiver
19. Web Portal Reports
Type: Alerts
Report Group: Alert Summary
Details:
• Last 24 Hours Alert Count by Alert Category (CAT)
• Last 24 Hours Alert Statistics
Type: Security Events
Report Group: Security Event Summary
Details:
• Last 24 Hours Security Event Statistics
• Last 24 Hours Security Event Statistics by Device
• Last 24 Hours Top 10 Source
• Last 24 Hours Top 10 Destination
Report Group: Firewall
Details:
• Last 24 Hours Firewall Denied Source IP
• Last 24 Hours Firewall Denied Destination IP
• Last 24 Hours Firewall Denied Destination Port
• Last 24 Hours Top 10 Source by Connection Count
• Last 24 Hours Top 10 Destination by Connection Count
• Last 24 Hours Top 10 Destination Port by Connection Count
• Last 24 Hours Top 10 Email Sender
• Last 24 Hours Top 10 Web Client
• Last 24 Hours User Login Success
• Last 24 Hours User Login Failure
20. Web Portal Reports (continued)
Type: Security Events
Report Group: IDS/IPS
Details:
• Last 24 Hours Top 10 Source
• Last 24 Hours Top 10 Destination
• Last 24 Hours Top 10 Event
Report Group: Anti-Virus
Details:
• Last 24 Hours Top 10 Virus
• Last 24 Hours Top 10 Infected Host
Type: Usage
Report Groups: Web, FTP, Email, Telnet / SSH, VPN
Details (for each group):
• Last 24 Hours Top 10 Source
• Last 24 Hours Top 10 Destination
• Last 24 Hours Top Users
21. Customer Portal Login
Each customer is assigned a login ID under which only that customer's alerts and data are shown.
22. Portal Dashboard
By default the dashboard is shown in the main display area after login, to give customers their security posture information. Customers can also select the reports they want on the portal display.
Screenshot: main report display area; the user selects individual reports from different groups.
23. Alert Summary Reports
These reports display the alerts detected by the SIMC, so you can see the alert statistics and the distribution across severities.
24. Event Summary Reports
These reports show the event statistics within a day. The number of events received on working days should be almost the same. If there is an abnormal rise in the event count, you should investigate further to find the cause.
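The check the paragraph above describes, a working day's event count compared with the preceding normal days, as an added example that is not part of the original deck or the portal. It goes slightly beyond the text by flagging sharp drops as well as rises, since a drop often means a device has stopped sending logs. The counts, the five-day window and the three-sigma threshold are constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed daily security event counts for two working weeks, in the
# (date, count) form a weekly Event Summary report tabulates.
DAILY_COUNTS = [
    ("2013-05-06", 30200), ("2013-05-07", 31100), ("2013-05-08", 29800),
    ("2013-05-09", 30600), ("2013-05-10", 30900),
    ("2013-05-13", 30500), ("2013-05-14", 30900), ("2013-05-15", 96400),
    ("2013-05-16", 31000), ("2013-05-17", 30300),
]

def abnormal_days(daily, window=5, z_threshold=3.0):
    """Return [(date, count, z)] for days whose count deviates from the
    previous `window` normal days by more than z_threshold standard
    deviations (window and threshold are assumed values). Flagged days are
    kept out of later baselines so one spike does not hide the next."""
    baseline, flagged = [], []
    for date, count in daily:
        if len(baseline) >= window:
            recent = baseline[-window:]
            mu, sigma = mean(recent), pstdev(recent)
            if sigma:
                z = (count - mu) / sigma
            else:                       # flat baseline: any change is abnormal
                z = float("inf") if count != mu else 0.0
            if abs(z) > z_threshold:
                flagged.append((date, count, round(z, 1)))
                continue                # not a normal day; exclude from baseline
        baseline.append(count)
    return flagged

if __name__ == "__main__":
    for date, count, z in abnormal_days(DAILY_COUNTS):
        print(f"{date}: {count} events (z = {z}) -> investigate")
```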
25. Virus Reports
These reports display the virus activity detected on firewalls. The customer can see which viruses occur most frequently at the firewall, and can collect the virus information and distribute it to all system owners so they are aware of the virus.
26. Firewall Reports
These reports display the destination IP addresses with the highest bandwidth consumption. Usually the IP addresses listed are the critical servers in the enterprise, such as the email server or FTP server. From these reports the customer can find any IP address that is abusing the Internet link.
27. IDS / IPS Reports
This report displays the top 10 events detected by the IDS/IPS. The customer can see which IDS/IPS events occur most frequently and judge whether further investigation is required.