6. CIO and SAM partner discussion
• Isn’t this just another way for Microsoft to get data for a True-Up?
• A Cybersecurity assessment? Is that like a pen test? What is in it for me?
• What’s the big deal with Cybersecurity, we are not big or famous like Sony or the US Federal Government after all?
• We are moving to the cloud, doesn’t that just solve all this Cybersecurity nonsense?
• You are a licensing guy, why are you suddenly qualified to be a Cybersecurity SME?
Answers are contained in the deck that can be downloaded.
7. For SAM partners:
• Take advantage of a Cybersecurity SAM Engagement as
one step towards having a discussion about larger
customer opportunities (e.g., O365/Azure, Core IO,
Migration to latest OS, Systems Center)
• Broaden the value of a SAM engagement by providing
data that can be rationalized against other internal
data so the customer receives a more integrated view
of their environment.
• Develop a long-term trusted advisor relationship by
establishing credibility and demonstrating customer-
focused problem solving.
• Highlight the overall benefits of incorporating SAM
best practices within the organization.
• Increase customer satisfaction by helping your
customers solve critical business challenges.
8. For customers:
• A foundation for securely managing software assets and
promoting good Cybersecurity hygiene in a holistic,
integrated way.
• A view of the software estate can prepare a resilient IT
infrastructure that can respond to threats, and meet their
agreement obligations.
• Added policies and controls help ensure that a secure IT
infrastructure within the organization provides an
effective defense against attacks.
• Minimizing cyber risks helps organizations decrease costs
from data loss, fraud from theft, loss in revenue, labor,
support, employee downtime, cost to locate and reinstall
lost data, customer support, and negative reputation.
• A solid Cybersecurity program helps to accelerate the
migration to the cloud and adoption of mobile.
9. “Antivirus and security products are designed for and focus on protecting you from prevalent
classes of in the wild… threats coming from criminals, thugs and digital mobsters. It is not
designed to protect you from the digital equivalent of Seal Team Six. So if you're the guy that
finds himself in the crosshairs… you're not safe.”
--F-Secure “News from the Lab”, May 30, 2012
10. Traditional IT | Modern IT
Script kiddies; Cybercrime | Cyber-espionage; Cyber-warfare
Cybercriminals | State sponsored actions; Unlimited resources
Attacks on Fortune 500 | All sectors and even suppliers getting targeted
Software solutions | Hardware rooted trust the only way
Secure the perimeter | Assume breach; Protect at all levels
Hoping I don’t get hacked | You will be hacked. Did I successfully mitigate?
Company owned and tightly managed devices | Bring your own device, varied management
11. Source: The Guardian
“INFORMATION SECURITY BREACHES SURVEY 2014”
“There has been a significant rise in the cost of
individual breaches. The overall cost of security
breaches for all type of organizations has increased.”
“10% of organizations that suffered a breach in the
last year were so badly damaged by the attack that
they had to change the nature of their business.”
Specifically, for small businesses:
• 60% had a security breach
• 59% expect there will be more security incidents
next year
• 33% were attacked by an unauthorized outsider
• 45% had an infection from viruses or malware
• 31% of the worst breaches were caused by human error
• 70% keep their worst security incident under wraps.
So what’s in the news is just the tip of the iceberg.
Key observations:
1. While the number of breaches has decreased, the scale
and cost has nearly doubled.
2. The investment in security as part of total IT budget is
increasing across all sectors.
3. There has been a marked increase in spending on IT
Security in small businesses.
4. Risk-based decisions are being made about the
introduction of mobile devices.
12. The reality is that businesses are far more
exposed running outdated and
unpatched client and server operating
systems:
• Windows XP is 21 times more likely to be
infected by malware than Windows 8
• Windows 7 is 6 times more likely to be
infected by malware than Windows 8
Running pirated software makes the situation
even worse. Criminals embrace pirated
software because it is:
• Lucrative
• Spreads malware
• Less risky and has a low barrier to entry
As a result, one out of three
computers with counterfeit software
installed will be infected by malware.
13. Cloud
• Designed for Security from
the ground up; Azure
development adheres to
Microsoft’s SDL.
• Adheres to a rigorous set of
Security controls that govern
operations and support.
• Deploys a combination of
preventive, defensive, and
reactive controls.
• Tight access controls on
sensitive data, including
two-factor authentication to
perform sensitive operations.
• Controls that enhance
independent detection of
malicious activity.
• Multiple levels of
monitoring, logging,
and reporting.
• A global, 24x7 incident
response service that
mitigates attacks and
malicious activity
14. Gather preliminary information about the existing environment, future goals, and security concerns
Security considerations
Applications, OS, and data security
Infrastructure
People
Organizational profile
Environment
Cybersecurity concerns
Basic information about the organization
16. A Cybersecurity Assessment will assess the current status using
generally accepted security controls. The assessment will cover
topics such as:
• Authorized and unauthorized devices
• Authorized and unauthorized software
• Secure configurations for hardware and software
• Malware defenses
• Application software security
Increasing the efficiency of each
control raises the success rate of
the defenses in the environment.
19. Assessment finding:
Windows Server 2003 has been discovered in the Litware IT infrastructure. Support is scheduled to end on July 14, 2015, after which Microsoft will provide no further support, including security patches.
This exposes Litware to elevated risk of data loss or malicious attacks, future problems with incompatible software that may not run on Windows Server 2003, and problems meeting certain regulatory requirements that require fully supported systems.
20.
1. Inventory of Authorized and Unauthorized Devices
2. Inventory of Authorized and Unauthorized Software
3. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
4. Continuous Vulnerability Assessment and Remediation
5. Malware Defenses
6. Application Software Security
7. Wireless Access Control
8. Data Recovery Capability
9. Security Skills Assessment and Appropriate Training to Fill Gaps
10. Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
11. Limitation and Control of Network Ports, Protocols and Services
12. Controlled Use of Administrative Privileges
13. Boundary Defense
14. Maintenance, Monitoring, and Analysis of Audit Logs
15. Controlled Access Based on the Need to Know
16. Account Monitoring and Control
17. Data Protection
18. Incident Response and Management
19. Secure Network Engineering
20. Penetration Tests and Red Team Exercises
23. Basic: The program is tactical at best and the risks of a Cybersecurity issue are significant.
Standardized: The program is proactive and the risks of a Cybersecurity issue are moderate.
Rationalized: The program is holistic and fully operational and the risks of a Cybersecurity issue are limited.
Dynamic: The program is strategic and optimal and the risks of a Cybersecurity issue are minimal.
24. SAM Cybersecurity Assessment Report
• Organization and IT Overview
SAM Cybersecurity Goals
• Summary of Inventory Tools
Cybersecurity Summary
• Critical Security Controls (v5.1)
Current Cybersecurity Maturity Findings and Recommendations
• Current Cybersecurity Maturity Findings
• Cybersecurity Future State and Recommendations
SAM Policies and Procedures for Cybersecurity
28. Review the SAM Cybersecurity Engagement Kit and sample reports
Become familiar with the Critical Security Controls (v5.1)
Prepare to deliver a Cybersecurity Assessment by:
• Obtaining your SAM competency
• Training up a resource to be a credible Cybersecurity SME (e.g., pass CISSP)
• Hiring a resource with Cybersecurity skills and certifications; or by
• Partnering with Microsoft or a Microsoft Partner for deeper Cybersecurity expertise
30. Key Services
Providing a current / future state analysis of Cybersecurity for a Hybrid IT
environment (on-premises, Cloud, Mobile).
Using IT discovery tools, provide a roadmap for migrating to “Modern IT”
using Office 365, SQL Database, and the Azure platforms.
Starting with a detailed Application Cloud Readiness Assessment (ACRA) and
using our tools and offshore Azure resources, we evaluate, re-architect and
remediate apps to run effectively in Azure.
Assessment, Remediation,
and Monitoring Tools
Using IT inventory data from discovery tools like MAP, the
Assessor tool creates a Data Center Modernization Report on
what a Modern IT environment will look like once Office 365,
SQL Azure and Azure platforms (IaaS / PaaS) are used.
Using static code analysis, SQL scripts and configuration data,
the Validator tool analyzes and recommends changes down to
the code block level, dramatically reducing remediation time
and even suggesting sample code to accelerate the remediation
effort.
Navigator serves as the repository for the suite of tools to
allow Services settings and coding best practices to remain in
sync in both the Dev/Test and production environments to
minimize IT risk. Navigator is updated as Azure features and
settings are enhanced.
Once applications are deployed into an Azure subscription, the
Monitor tool scans Azure-based applications for out of
compliance conditions against policy and standards as new
Azure features are released, applications are upgraded, and
Cloud IT policies evolve.
Accelerating Azure adoption and driving
consumption in FY16 through migration and
risk management tools and services.
As a Microsoft Cloud, Cybersecurity
and SAM partner, UnifyCloud LLC has
developed tools and related services
focusing on the key sales motion
scenarios for FY16 including:
• Transform the Datacenter
• Enable Application Innovation
• Unlock Data Insights
• Ensure IT Security & Controls
Perspectives on the session title:
Mitigating Customer Risk
Cybersecurity
SAM Engagement
Hi, I am Norm Barber….
Joining me is Don Morrison,
Key Points:
The first step is to find out more about your organization and any concerns regarding the security of your environment. We will cover topics such as:
Organizational Profile: What are your cybersecurity concerns? What are your objectives from the engagement? What level of risk tolerance do you have? Were there any recent cyber security incidents you had to deal with? In those incidents what have you realized that you were not able to do? What did you miss the most?
Basic Information: How many clients and servers are in the organization? What processes are already in place to manage software and other assets?
Infrastructure Security: Do employees work remotely? Do external contractors access your network?
Applications Security: Does the company develop applications? Does it store sensitive data processed by those applications?
Operations Security: Does the corporate network connect to external networks? Does the organization receive data feeds from external parties?
People Security: Does the company outsource computer maintenance? Can employees download sensitive company data to your workstations?
Environment: How many employees are in the organization? Is there high turnover in the IT department?
Key Points:
In the initial part of the engagement, we will discuss your organization’s future goals and objectives.
After establishing an organization’s goals and objectives, the next step of a Cybersecurity SAM engagement is to develop a clear understanding of the current state of the software assets in your environment. This information will provide the basis for the cybersecurity assessment.
Key Points:
As part of the assessment, we will:
• Explain the control and talk about what it covers.
• Assess your current status relative to each control.
• Provide you with recommendations on related Microsoft service and product offerings.
Note to presenter: Add recommendations on any additional services that your organization can also provide as a follow up from the engagement.
Further details:
Authorized and Unauthorized Devices: This control covers the Hardware Asset Management aspect of ITAM and is a critical control to implement. It recommends the usage of a hardware asset inventory management system to keep track of any changes to the IT hardware assets and also recommends that the introduction of new hardware to a network updates this system automatically. Also covered in this control is the authentication and authorization of devices and systems when they are accessing the network infrastructure.
Authorized and Unauthorized Software: Software inventory management can be mapped to Software Asset Management. In this control, partners should recommend to customers best practices around SAM, explain how to put mature SAM processes in place, and provide guidance on tools.
Secure Configurations for Hardware and Software: The right configuration for deployed software and its interactions in a network goes a long way in stopping and/or slowing down threats. This control covers the discussions around making sure configuration management is maintained and templates are configured for different user scenarios and workloads. Configuration management also covers areas around change control processes.
Malware Defenses: Unauthorized execution of malicious software in the environment should be prevented with strong Antivirus (AV) defenses configured in the environment. A deployed but unmanaged antivirus solution does little to protect an environment. All reports and activity updates from AV software consoles, and the alert messages this software generates, should be monitored and reviewed.
Application Software Security: Application software security relates to the security of any software developed in-house in the customer environment. Any software that will receive input from external users in the form of direct or indirect interaction should be developed with secure development principles.
Executive Overview Report. This report contains an Executive Summary, a summary of project background and scope, engagement results, recommendations and next steps.
Microsoft Deployment, Usage and Entitlement Analysis Reports:
The Established Deployment Position (EDP) spreadsheet (NOTE: Defined in “Deliverables to Microsoft” section below.)
The Effective License Position (ELP) spreadsheet (NOTE: Defined in “Deliverables to Microsoft” section below.)
Cybersecurity Assessment Report. This report must contain at a minimum:
Assessment of the Customer’s overall Cybersecurity state, in relation to their current IT infrastructure
Cybersecurity roadmap to assist the Customer in better protecting their IT assets, including all business, licensing and technology guidance
Assessment of Customer’s cybersecurity-related SAM policies and procedures strengths, weaknesses and areas of opportunity, including recommendations for improvement
Advice on how to engage with a cybersecurity professional, if needed, and a list of additional resources on cybersecurity, such as the Council on Cybersecurity, that would benefit the customer
Licensing Optimization Recommendations Report. This report must contain the risks, liabilities and issues associated with the current licensing practices and prioritized recommendations on how to better manage their licenses to minimize risks in the future. The report should also contain, but is not limited to:
Identification of all of Customer’s Volume License Agreements (VLAs) with Microsoft and a recommendation on any beneficial consolidation
Consumption information, detailing installed products that are unused or under-utilized (e.g., no use in last six months)
Recommendations on repeatable, simplified inventory collection process for future True-ups (for Enterprise Agreement customers only)
Additional Customer-specific recommendations based on captured data and insights