Continuous Security Monitoring in a Continuous World
Threats are moving quickly, so cybersecurity efforts need to keep up.
Page 2
The Twin Forces of Change in IT
The massive moving forces of innovation and security threats today are crushing the average enterprise IT department.

On one side, the evolution of network systems continues to accelerate at lightning speed. Cloud, virtualization, containerization, big data analytics, mobility, and the Internet of Things are now constantly rewriting the rules of connectivity and data governance. On the other, attackers seek to keep enterprises on their back feet by changing their techniques just as rapidly, if not more so.

On their own, each of these dynamic forces would be painful to contend with. Together, these parallel trends threaten the entire enterprise’s bottom line.

The only way for IT to adapt its networks to the twin forces of change in technology is to ensure that security evolves just as quickly as the infrastructure and the threats. The only way for this kind of dynamic security to take hold is through continuous security monitoring.
Page 3
As you know, today’s enterprises are highly virtualized, with servers and applications continuously being integrated, deployed, and updated. Workloads shift from public cloud infrastructure to on-premise storage systems and back again, while your users are connecting new and more devices every day.

Couple those agile, ever-changing systems and the increased likelihood of security-related errors with skilled and persistent attackers, and the risk of breached and disrupted systems increases dramatically.

With all those factors considered, the conclusion is unavoidable: manual security measures just can’t ensure that systems and applications remain managed in line with internal security policies and hardened against attack. Additionally, modern IT practices such as DevOps mean applications and infrastructure change more rapidly than ever before. As fast as systems are being developed, deployed, and updated, security checks need to be run in parallel and just as swiftly. Gone are the days of running monthly security assessments.

This is the only way that enterprises can expect to successfully defend themselves against attackers now.
Page 4
The lessons of recent cybersecurity history are also unambiguous: compliance-driven and reactive information security efforts will not succeed at mitigating system vulnerabilities and threats to a tolerable state.

Networked business-technology assets need to be inventoried, configured, and maintained; their vulnerabilities must be identified and mitigated; and they need to be vetted constantly for signs of malware and compromise. If these processes can’t be automated, they can’t be managed successfully.

But it can be daunting to figure out where or how to start a Continuous Security Monitoring (CSM) effort. Some enterprises try to tackle too much at once, and give up once they start. Others decide it is too overwhelming, and they don’t start at all. That’s not good, but it’s why we wrote this guide.

While CSM hasn’t necessarily taken hold of the mainstream, there are plenty of thought leaders in both private and government sectors who realize the importance of automating and monitoring as many security processes as possible. They understand that this kind of automation not only reduces data breach risks but makes it possible to identify and stop potential attacks when suspicious activities are spotted. These folks have led the way in developing a number of excellent resources and frameworks that can help you get going on the path to continuous monitoring.
Start Building Momentum with a Framework
Page 5
GET STARTED WITH NIST
One great place to get started is the NIST Special Publication Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations. Most of the advice is applicable to all large enterprises, not just government environments, and provides extremely helpful guidance.

PCI IS ALSO HELPFUL
Another area where CSM has gained traction is in the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is also a broad set of security controls, but is aimed at protecting payment cardholder data. PCI DSS also stresses the ability to understand the daily system and application changes within any aspect of the enterprise.

CDM Framework
One effort that is well underway is the U.S. government’s Continuous Diagnostics and Mitigation (CDM) program. The CDM program originated in the U.S. Department of Homeland Security and was created by Congress. CDM provides federal departments and agencies with what they need to know to put effective continuous security controls in place. CDM is a standardized way for federal entities to manage the threats and vulnerabilities that matter, based on the potential and likelihood of impact.

Also, unlike FISMA, which has been widely criticized for being an exercise in security paper shuffling and check boxing, CDM aims to help U.S. federal organizations better protect users, software, networks, and infrastructure by continuously examining their information technology systems for vulnerabilities and threats.
Page 6
SOURCE: U.S. Department of Homeland Security
Last Published Date: November 6, 2015

The Three Primary Phases of Continuous Diagnostics and Mitigation

PHASE 1: Identify and Manage Assets
- HWAM: Hardware Asset Management
- SWAM: Software Asset Management
- CSM: Configuration Settings Management
- VUL: Vulnerability Management

PHASE 2: Least Privilege and Infrastructure Integrity
- TRUST: Access Control Management (Trust in People Granted Access)
- BEHV: Security-Related Behavior Management
- CRED: Credentials and Authentication Management
- PRIV: Privileges

PHASE 3: Boundary Protection and Event Management for Managing the Security Lifecycle
- PLAN: Plan for Events
- RESPOND: Respond to Events
- AUDIT/MONITOR: Generic Audit/Monitoring
- DOCUMENT: Document Requirements, Policy, etc.
- Boundary Protection (Network, Physical, Virtual)
- QM: Quality Management
- RISK MANAGEMENT
The government isn’t moving alone. The private sector is also embracing CSM frameworks in areas such as continuous improvement and automated testing in DevOps and automating the SANS 20 Critical Controls. Many enterprises are turning to the SANS 20 Critical Controls and using them to automate asset management, configuration management, vulnerability management, anti-malware, and data loss prevention, among other controls. The effort was informed by a number of international organizations and U.S. agencies and is currently managed within the SANS Institute.

SANS 20 Critical Controls
Page 7
SOURCE: SANS
1. Inventory of Authorized and Unauthorized Devices
2. Inventory of Authorized and Unauthorized Software
3. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
4. Continuous Vulnerability Assessment and Remediation
5. Malware Defenses
6. Application Software Security
7. Wireless Access Control
8. Data Recovery Capability
9. Security Skills Assessment and Appropriate Training to Fill Gaps
10. Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
11. Limitation and Control of Network Ports, Protocols, and Services
12. Controlled Use of Administrative Privileges
13. Boundary Defense
14. Maintenance, Monitoring, and Analysis of Audit Logs
15. Controlled Access Based on the Need to Know
16. Account Monitoring and Control
17. Data Protection
18. Incident Response and Management
19. Secure Network Engineering
20. Penetration Tests and Red Team Exercises
Regardless of the framework you choose, there are typically five key components to an effective continuous monitoring program. As you build out your toolset to move toward continuous monitoring, keep in mind that this doesn’t have to be a complete transformation. In many cases you’re probably already using many of these tools in your information security program.

Page 8
5 Key Components Of Continuous Security Monitoring
1. Asset Management
2. Configuration Management
3. Vulnerability Management
4. Access Control
5. Incident Response
Page 9
Asset Management
Asset management software comprises all of the tools used to manage and inventory corporate-owned and corporate-used devices and applications. These include simple inventory management and asset-auditing software that is used to identify all authorized hardware and is able to quickly identify unauthorized hardware.

It is highly unlikely that any unauthorized devices are managed to any enterprise security policy. They are likely not only vulnerable to being breached, but already breached. It’s imperative that they be identified and either brought to policy standard or removed from the network.
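The reconciliation step that the asset management component performs (authorized inventory on one side, what is actually seen on the network on the other) is written out below as an added Python example. It is not code from the ebook or from Bitdefender. The authorized inventory and the discovery records are constructed sample data keyed by MAC address; a real program would read them from the inventory tool and from an ARP, DHCP or scan feed. Beyond flagging unauthorized devices, it also reports inventory entries that were not seen at all and MACs observed at more than one address, both of which are worth a look.

```python
# Added example (not from the Bitdefender ebook): reconcile a discovery sweep against the
# authorized hardware inventory. All data below is constructed for illustration.
from dataclasses import dataclass, field

# Constructed authorized inventory: what asset management says should be on the network.
AUTHORIZED_ASSETS = {
    "00:11:22:33:44:01": {"hostname": "web-01", "owner": "platform", "policy": "server-baseline-v3"},
    "00:11:22:33:44:02": {"hostname": "db-01", "owner": "data", "policy": "server-baseline-v3"},
    "00:11:22:33:44:03": {"hostname": "lt-alice", "owner": "alice", "policy": "laptop-baseline-v2"},
}

# Constructed discovery output, one record per device sighting.
DISCOVERED = [
    {"mac": "00:11:22:33:44:01", "ip": "10.0.1.10", "hostname": "web-01"},
    {"mac": "00:11:22:33:44:03", "ip": "10.0.5.23", "hostname": "lt-alice"},
    {"mac": "a4:83:e7:00:00:99", "ip": "10.0.5.77", "hostname": "raspberrypi"},  # not in inventory
    {"mac": "00-11-22-33-44-01", "ip": "10.0.9.10", "hostname": "web-01"},       # same MAC, second IP
]


@dataclass
class ReconcileResult:
    unauthorized: list = field(default_factory=list)  # seen on the network, absent from inventory
    missing: list = field(default_factory=list)       # in inventory, not seen in this sweep
    duplicates: list = field(default_factory=list)    # MACs seen at more than one IP


def normalize_mac(mac: str) -> str:
    """Canonical lower-case, colon-separated MAC so output from different tools compares equal."""
    hexdigits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(hexdigits) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def reconcile(discovered, authorized) -> ReconcileResult:
    authorized_macs = {normalize_mac(m): meta for m, meta in authorized.items()}
    seen_ips = {}       # mac -> set of IPs it was observed at
    unauthorized = {}   # mac -> first record seen (dedupes repeat sightings)
    for rec in discovered:
        mac = normalize_mac(rec["mac"])
        seen_ips.setdefault(mac, set()).add(rec["ip"])
        if mac not in authorized_macs:
            unauthorized.setdefault(mac, {**rec, "mac": mac})
    missing = sorted(meta["hostname"] for mac, meta in authorized_macs.items() if mac not in seen_ips)
    duplicates = sorted(mac for mac, ips in seen_ips.items() if len(ips) > 1)
    return ReconcileResult(list(unauthorized.values()), missing, duplicates)


if __name__ == "__main__":
    result = reconcile(DISCOVERED, AUTHORIZED_ASSETS)
    for dev in result.unauthorized:
        print(f"UNAUTHORIZED {dev['mac']} {dev['ip']} ({dev['hostname']})")
    print("not seen:", result.missing)
    print("multi-IP MACs:", result.duplicates)
```

Each unauthorized record carries the hostname and IP the sweep reported, which is what the team needs to either bring the device under policy or remove it.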
Page 10
Configuration Management
Your software configuration management process is how you identify software and system configurations, and either confirm that they are being managed to policy or determine that they are deficient and need to be corrected.

Certainly, misconfigurations of IT assets need to be kept down to a minimum. Your attackers will scan your systems looking for such misconfigured assets and take advantage of them to gain a foothold on the network. Even if those vulnerable systems are not their primary target, they will infiltrate and use them as a foothold to dig deeper.
Page 11
Vulnerability Management
Here, you assess for software vulnerabilities within your networked devices, remedy those that are identified (especially the critical-level vulnerabilities), and then test that patches and updates have been successfully applied.

Hopefully, if you run an enterprise of any size, you have a vulnerability management program in place. Software weaknesses are a common way through which adversaries seek to gain entry onto networked devices.
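The three steps above (assess, remedy critical items first, then test that the fix really landed) are shown in the added Python example below. It is not code from the ebook or from Bitdefender. The scanner findings, the hosts and the post-patch package versions are constructed, and the finding IDs are placeholders rather than real advisory identifiers. The verification step re-checks each finding against what the inventory now reports instead of trusting the patch job’s exit status, and it reports a finding as unverifiable when the package is no longer reported at all, which should be investigated rather than closed.

```python
# Added example (not from the Bitdefender ebook): the assess -> remediate -> verify loop.
# Findings, hosts and versions are constructed; IDs are placeholders, not real advisories.
from typing import Dict, List, Tuple

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed scanner output: the vulnerable package and the version that fixes the issue.
FINDINGS = [
    {"id": "EXAMPLE-0003", "host": "web-01", "package": "openssl", "fixed_in": "3.0.13", "severity": "high"},
    {"id": "EXAMPLE-0001", "host": "db-01", "package": "libxml2", "fixed_in": "2.12.5", "severity": "critical"},
    {"id": "EXAMPLE-0002", "host": "web-01", "package": "curl", "fixed_in": "8.6.0", "severity": "medium"},
    {"id": "EXAMPLE-0004", "host": "db-01", "package": "kernel", "fixed_in": "6.1.0", "severity": "low"},
]

# Constructed post-patch inventory (host -> package -> installed version) as asset tooling reports it.
INSTALLED_AFTER_PATCH = {
    "web-01": {"openssl": "3.0.13", "curl": "8.5.0"},   # curl patch did not land
    "db-01": {"libxml2": "2.12.10"},                    # kernel version not reported
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Numeric, component-wise version tuple so '2.12.10' compares above '2.12.5'
    (plain string comparison would get that wrong)."""
    parts = []
    for p in v.split("."):
        digits = "".join(ch for ch in p if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def prioritize(findings: List[dict]) -> List[dict]:
    """Remediation queue: critical first, then by host and ID for a stable order."""
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f["severity"]], f["host"], f["id"]))


def verify_remediation(findings: List[dict], installed: Dict[str, Dict[str, str]]) -> Dict[str, str]:
    """Re-check each finding against the current inventory.

    Returns finding id -> 'fixed' | 'open' | 'unverifiable' (package no longer reported).
    """
    status = {}
    for f in findings:
        current = installed.get(f["host"], {}).get(f["package"])
        if current is None:
            status[f["id"]] = "unverifiable"
        elif parse_version(current) >= parse_version(f["fixed_in"]):
            status[f["id"]] = "fixed"
        else:
            status[f["id"]] = "open"
    return status


if __name__ == "__main__":
    for f in prioritize(FINDINGS):
        print(f"{f['severity']:8} {f['host']:7} {f['package']:8} needs >= {f['fixed_in']}")
    print(verify_remediation(FINDINGS, INSTALLED_AFTER_PATCH))
```

Findings left "open" after a patch cycle go straight back to the top of the next queue; "unverifiable" ones need a data-quality fix in the inventory feed before they can be closed.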
Page 12
Access Control
These are the processes to automate the management of provisioning and de-provisioning of users and devices to the network, system, and enterprise resources.

Good access control is critical to success. The size and scope of these efforts are largely determined by the size of the enterprise, the number of employees, and the services they need access to. This typically includes everything from physical building and data center access to providing enterprise resources such as phones, desks, email, etc., and everything in between.

This also includes the automated management and monitoring of identity access privileges (no greater authority for access than is necessary) and superuser access, such as that required for administrative rights.
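Two of the automated checks this section asks for, a de-provisioning check against the HR roster and a least-privilege check on privileged group membership, are written out in the added Python example below. It is not code from the ebook or from Bitdefender. The HR roster, the directory export, the list of privileged groups and the approved-admin list are all constructed sample data; in practice they would come from the HR system, the directory service and an access-approval record.

```python
# Added example (not from the Bitdefender ebook): checks behind de-provisioning and
# least-privilege monitoring. All roster, account and approval data is constructed.

# Constructed HR roster: the authoritative record of who should still have access.
HR_ROSTER = {
    "alice": {"status": "active", "role": "dba"},
    "bob": {"status": "active", "role": "developer"},
    "carol": {"status": "terminated", "role": "support", "end_date": "2024-03-01"},
    "erin": {"status": "terminated", "role": "finance", "end_date": "2024-01-15"},
}

# Constructed directory export: what the identity system actually holds.
DIRECTORY_ACCOUNTS = [
    {"user": "alice", "enabled": True, "groups": ["db-admins"]},
    {"user": "bob", "enabled": True, "groups": ["developers", "domain-admins"]},
    {"user": "carol", "enabled": True, "groups": ["support"]},        # leaver, still enabled
    {"user": "dave", "enabled": True, "groups": ["developers"]},      # nobody in HR knows dave
    {"user": "erin", "enabled": False, "groups": ["finance"]},        # correctly disabled
    {"user": "svc-backup", "enabled": True, "groups": ["backup-operators"]},
]

# Groups that confer superuser-level rights, and who is approved to hold each one.
PRIVILEGED_GROUPS = {"domain-admins", "db-admins"}
APPROVED_ADMINS = {"db-admins": {"alice"}, "domain-admins": set()}

# Known non-human accounts, expected to have no HR record.
SERVICE_ACCOUNTS = {"svc-backup"}


def find_deprovisioning_gaps(accounts, roster, service_accounts):
    """Enabled human accounts whose owner is terminated or unknown to HR."""
    gaps = []
    for acct in accounts:
        if not acct["enabled"] or acct["user"] in service_accounts:
            continue
        person = roster.get(acct["user"])
        if person is None:
            gaps.append((acct["user"], "no HR record"))
        elif person["status"] != "active":
            gaps.append((acct["user"], f"terminated {person.get('end_date', '?')}, still enabled"))
    return gaps


def find_privilege_violations(accounts, privileged_groups, approved):
    """Privileged group memberships that carry no approval (least-privilege check)."""
    violations = []
    for acct in accounts:
        for group in acct["groups"]:
            if group in privileged_groups and acct["user"] not in approved.get(group, set()):
                violations.append((acct["user"], group))
    return violations


if __name__ == "__main__":
    for user, why in find_deprovisioning_gaps(DIRECTORY_ACCOUNTS, HR_ROSTER, SERVICE_ACCOUNTS):
        print(f"DEPROVISION {user}: {why}")
    for user, group in find_privilege_violations(DIRECTORY_ACCOUNTS, PRIVILEGED_GROUPS, APPROVED_ADMINS):
        print(f"UNAPPROVED PRIVILEGE {user} in {group}")
```

Both checks are cheap enough to run on every directory export, which is what turns de-provisioning and privilege review from a periodic audit into continuous monitoring.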
Page 13
Incident Response
If an enterprise is going to be looking for indicators of breach and compromise, it needs to have effective ways to swiftly and adequately deal with those incidents.

For this, enterprises need to automate the detection of breaches as much as possible, and have the response in place to respond to the degree necessary. Some breaches may require little manual response, perhaps pushing a new machine image out to an endpoint. Other breaches may require extensive forensic analysis, remediation, and cleansing effort.
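Automated detection with a first triage decision, as the section describes, looks like the added Python example below. It is not code from the ebook or from Bitdefender. The log lines are constructed in an sshd-like syslog format with made-up hosts and addresses, and the detection rule (a burst of failed logins from one source followed by a success from that same source) is one of many an enterprise would run. The triage rule mirrors the two cases in the text: a compromised privileged account is routed to forensic analysis, anything else to the automated re-image path.

```python
# Added example (not from the Bitdefender ebook): detection logic over constructed auth log
# lines, plus a triage rule separating automated from manual response.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log lines; hosts and addresses are made up.
SAMPLE_LOG = """\
2024-05-01T10:00:01 host=web-01 sshd: Failed password for invalid user admin from 203.0.113.9
2024-05-01T10:00:03 host=web-01 sshd: Failed password for root from 203.0.113.9
2024-05-01T10:00:05 host=web-01 sshd: Failed password for root from 203.0.113.9
2024-05-01T10:00:06 host=web-01 sshd: Failed password for root from 203.0.113.9
2024-05-01T10:00:07 host=web-01 sshd: Failed password for root from 203.0.113.9
2024-05-01T10:00:09 host=web-01 sshd: Accepted password for root from 203.0.113.9
2024-05-01T10:15:00 host=lt-alice sshd: Failed password for alice from 10.0.5.23
2024-05-01T10:15:30 host=lt-alice sshd: Accepted password for alice from 10.0.5.23
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+)$"
)

PRIVILEGED_USERS = {"root"}


def parse_line(line):
    """One parsed event, or None for lines the rule does not understand."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect_bruteforce_success(log_text, threshold=5, window=timedelta(minutes=5)):
    """Alert when at least `threshold` failures from one source to one host inside `window`
    are followed by a successful login from that same source."""
    recent = defaultdict(deque)  # (host, src) -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        q = recent[(ev["host"], ev["src"])]
        while q and ev["ts"] - q[0] > window:   # drop failures that aged out of the window
            q.popleft()
        if ev["outcome"] == "Failed":
            q.append(ev["ts"])
        elif len(q) >= threshold:
            alerts.append({"host": ev["host"], "src": ev["src"], "user": ev["user"],
                           "failures": len(q), "at": ev["ts"].isoformat()})
            q.clear()
    return alerts


def triage(alert):
    """Privileged-account compromise needs manual forensics; otherwise isolate and re-image."""
    return "forensics" if alert["user"] in PRIVILEGED_USERS else "reimage"


if __name__ == "__main__":
    for a in detect_bruteforce_success(SAMPLE_LOG):
        print(f"ALERT {a['host']} user={a['user']} from {a['src']} after {a['failures']} failures -> {triage(a)}")
```

The window is kept per (host, source) pair so a noisy source against one host cannot mask or trigger alerts on another, and the queue is cleared after an alert so one incident produces one ticket.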
Page 14
Pulling the technology together: Continuous Security Monitoring Platform
Enterprises that embark on the path to continuous security monitoring are going to be collecting and managing a lot of data. A lot of data. These will be coming from network monitoring tools, intrusion detection systems, management consoles, compliance and configuration management toolsets, and so forth. You will need a way to collect this data, analyze it, visualize it, and actually respond to it.

This will likely be a combination of existing toolsets, some snappy API and integration work, and maybe even building new custom tools.

CISOs interviewed report that many enterprises turn to their vulnerability management systems, which track a lot of system vulnerabilities, networked assets, and configuration settings. Others have turned to security information and event management systems, configuration management systems, and log management systems. And as these programs are built out, most of these tools are used in conjunction, with their outputs fed to data analysis and dashboard tools.

Realistically, as you build your CSM program out, you will have various siloed sets of information that, over time, you will pull together to build an actual real-time ability to continuously monitor and react to system conditions.
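The "API and integration work" that pulls siloed tool output into one place is mostly normalization: every source speaks a different format, and the dashboard needs one schema. The added Python example below shows that layer for three constructed inputs (an IDS alert in JSON, a vulnerability scanner CSV export, and a key=value line from a configuration compliance check). It is not code from the ebook or from Bitdefender; the formats, field names and severity mappings are assumptions standing in for whatever the real tools emit.

```python
# Added example (not from the Bitdefender ebook): normalize records from three different tools
# into one event schema and compute the counts a dashboard would show. All inputs are constructed.
import csv
import io
import json
from collections import Counter

# Constructed inputs. Field names and severity scales are assumed, not those of any real product.
IDS_JSON = ('{"timestamp": "2024-05-01T09:12:00", "src_ip": "198.51.100.7", '
            '"dest_host": "web-01", "signature": "port scan", "priority": 2}')
VULN_CSV = ("host,plugin,severity,title\n"
            "web-01,EXAMPLE-0003,high,Outdated openssl\n"
            "db-01,EXAMPLE-0001,critical,Outdated libxml2\n")
CONFIG_LINE = "ts=2024-05-01T09:30:00 host=web-02 check=ssh_password_auth result=FAIL"

COMMON_FIELDS = {"ts", "source", "asset", "severity", "summary"}


def from_ids(raw):
    """IDS alert JSON -> common events. Priority 1 is most urgent in this constructed format."""
    d = json.loads(raw)
    sev = {1: "critical", 2: "high", 3: "medium"}.get(d["priority"], "low")
    return [{"ts": d["timestamp"], "source": "ids", "asset": d["dest_host"],
             "severity": sev, "summary": f"{d['signature']} from {d['src_ip']}"}]


def from_vuln_csv(raw):
    """Scanner CSV export -> common events (the export carries no per-row timestamp)."""
    return [{"ts": None, "source": "vuln-scanner", "asset": row["host"], "severity": row["severity"],
             "summary": f"{row['plugin']}: {row['title']}"}
            for row in csv.DictReader(io.StringIO(raw))]


def from_config_line(raw):
    """Compliance check key=value line -> common event; a failed check is treated as high."""
    kv = dict(tok.split("=", 1) for tok in raw.split())
    sev = "high" if kv["result"] == "FAIL" else "info"
    return [{"ts": kv["ts"], "source": "config-compliance", "asset": kv["host"],
             "severity": sev, "summary": f"{kv['check']} {kv['result']}"}]


def normalize_all():
    return from_ids(IDS_JSON) + from_vuln_csv(VULN_CSV) + from_config_line(CONFIG_LINE)


def dashboard_counts(events):
    """Two views a CSM dashboard shows: open items per asset and per severity."""
    return {"by_asset": dict(Counter(e["asset"] for e in events)),
            "by_severity": dict(Counter(e["severity"] for e in events))}


if __name__ == "__main__":
    events = normalize_all()
    for e in events:
        print(f"{e['severity']:8} {e['asset']:7} [{e['source']}] {e['summary']}")
    print(dashboard_counts(events))
```

Keeping the asset name canonical across feeds is the part that pays off: once IDS, scanner and compliance findings all key on the same asset identifier, "everything we know about web-01" becomes a single query.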
Page 15
Page 16
Where do you start automating your CSM program? There are many approaches, such as automating what you currently have the tools to automate: regular vulnerability assessments, patch and antimalware updates, reporting and alerting, and so on. Another way is to identify the most critical assets and continuously monitor those and, over time, build that program out to the rest of the organization.

Some enterprises are automating based on the federal CDM, others PCI DSS (for payment card data), and still others are looking at automating the 20 Critical Security Controls. The 20 Critical Controls were made specifically for IT security professionals and provide straightforward, risk-based implementation guidance.
Automate everything you can, and then automate more
These controls stand on four pillars:
- Focus on continuous monitoring to test and evaluate remediation
- Provide common metrics that all stakeholders can understand
- Automate processes
- Use knowledge of actual attacks to build defenses
Page 17
Organizations report that the 20 Critical Controls are very effective at helping them to select the right security technologies and then implement, configure, monitor, and manage a better information security program. And the critical controls of course strongly encourage automating controls enforcement wherever possible. That includes automating the maintenance of authorized and unauthorized device asset inventory, software, security device configurations, and continuous vulnerability assessment and remediation.
Page 18
Getting started with CSM
So, where do you begin your continuous security monitoring efforts? When looking at your environment in its entirety, with an eye toward monitoring everything all of the time, it can appear overwhelming. And the reality is that you can’t start monitoring everything all at once. Choices need to be made about where to start: which endpoints, servers, and applications need the most oversight, and where a breach would cause the most damage.

This is why, when deciding where to start your continuous monitoring efforts, the first place to look could be where those who would attack you also may look first.

What data or resources would attackers most likely want to target? Is it your intellectual property? The customer data you hold? Perhaps you won’t be the direct target; the attackers may be looking to infiltrate high-value partners. Your security teams need to begin monitoring your most valued assets for potential attack paths. This includes network and system logs and traffic, looking for anomalous behavior, as well as your system configurations.

Attackers aren’t the only threat. The risks around regulatory compliance also rise in rapidly changing environments. Here, you need to take inventory of your assets and applications that touch regulated data. For compliance, you will need to consider continuously monitoring your asset configurations and event logs for any deviations from your compliance and security policy.

The key is to focus on monitoring and protecting the most important assets and applications. You’ll need to work closely with audit and compliance teams, operations teams, business application owners, and security teams to identify these assets. Essentially, aim to identify the most critical and valuable systems and data, as well as those that fall under the purview of regulatory compliance, and start your continuous monitoring efforts there.

When implementing continuous security and regulatory compliance monitoring of your high-value assets, include their configurations and the status of security technologies such as anti-malware, network and application firewalls, data leak prevention technologies, etc.

From here, you are going to need to automate as many of your security controls as you can, while also monitoring their configurations to ensure that they are managed consistently across all environments. Are your network configurations identical from one cloud to another? Do your wireless LANs have the same security posture? Are those servers classified at the same risk levels set to similar security configurations? And so on. In this way automation will help you to attain consistency throughout your environment.
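The two configuration checks the guide calls for, drift from the security policy baseline (the Configuration Management component) and consistency across environments for systems at the same risk level (the questions just above), are written out in the added Python example below. It is not code from the ebook or from Bitdefender. The baseline, the risk classes, the environment names and the observed settings are constructed sample data; a real program would pull the observed values from the configuration management tool. A setting that is simply absent on one host is treated as a value of its own, so "antimalware not reported" shows up as both a policy gap and a cross-environment inconsistency rather than being silently skipped.

```python
# Added example (not from the Bitdefender ebook): policy drift and cross-environment
# consistency checks over constructed configuration data.

# Constructed baseline: required setting values per risk class.
POLICY_BASELINE = {
    "high": {"ssh_password_auth": "no", "firewall_default_inbound": "deny",
             "log_forwarding": "enabled", "antimalware": "running"},
    "standard": {"ssh_password_auth": "no", "log_forwarding": "enabled"},
}

# Constructed observed configurations, tagged with hosting environment and risk class.
OBSERVED = {
    "web-01": {"env": "cloud-a", "risk": "high", "config": {
        "ssh_password_auth": "no", "firewall_default_inbound": "deny",
        "log_forwarding": "enabled", "antimalware": "running"}},
    "web-02": {"env": "cloud-b", "risk": "high", "config": {
        "ssh_password_auth": "yes", "firewall_default_inbound": "deny",
        "log_forwarding": "enabled", "antimalware": "running"}},
    "web-03": {"env": "on-prem", "risk": "high", "config": {
        "ssh_password_auth": "no", "firewall_default_inbound": "allow",
        "log_forwarding": "enabled"}},                      # antimalware not reported at all
    "build-01": {"env": "cloud-a", "risk": "standard", "config": {
        "ssh_password_auth": "no", "log_forwarding": "enabled", "antimalware": "running"}},
}


def policy_drift(observed, baseline):
    """host -> {setting: {expected, actual}} for every setting missing or off-baseline
    for that host's risk class. Hosts with no drift are omitted."""
    report = {}
    for host, rec in observed.items():
        diffs = {}
        for setting, want in baseline[rec["risk"]].items():
            got = rec["config"].get(setting)      # None when the setting is not reported
            if got != want:
                diffs[setting] = {"expected": want, "actual": got}
        if diffs:
            report[host] = diffs
    return report


def cross_environment_inconsistencies(observed, risk_class):
    """setting -> {value: [environments]} for settings whose value differs across the
    hosts of one risk class. Answers 'is the configuration identical from one cloud to another?'"""
    hosts = [rec for rec in observed.values() if rec["risk"] == risk_class]
    settings = set().union(*(rec["config"].keys() for rec in hosts)) if hosts else set()
    values = {}
    for setting in settings:
        for rec in hosts:
            value = rec["config"].get(setting)    # None = not present on that host
            values.setdefault(setting, {}).setdefault(value, set()).add(rec["env"])
    return {s: {v: sorted(envs) for v, envs in by_value.items()}
            for s, by_value in values.items() if len(by_value) > 1}


if __name__ == "__main__":
    for host, diffs in policy_drift(OBSERVED, POLICY_BASELINE).items():
        for setting, d in diffs.items():
            print(f"DRIFT {host}: {setting} expected {d['expected']!r}, actual {d['actual']!r}")
    for setting, by_value in cross_environment_inconsistencies(OBSERVED, "high").items():
        print(f"INCONSISTENT {setting}: {by_value}")
```

Run on every configuration export, the first function feeds the "deficient, needs correction" queue and the second catches the environment that quietly diverged from its peers even when no single setting is off-baseline.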
Page 19
CONCLUSION
Building an effective CSM program isn’t something that will happen overnight. But, as you automate certain processes, you just need to make certain those processes remain automated and in good shape. Use the time saved to automate the next set of security processes and feed the status into a dashboard or, initially, a set of dashboards. In time, you will eventually automate your entire program.

So what will this continuous security and regulatory compliance monitoring do for you? Plenty, when it comes to building a resilient environment.

When continuously deploying new applications, you will be introducing new mistakes into the environment, and by continuously monitoring your environment, you’ll be finding new security errors as they are introduced. So, while you will be moving as quickly as you can, you will be bringing your security efforts along with your CSM program.

About Bitdefender
Bitdefender is a global security technology company that delivers solutions in more than 100 countries through a network of value-added alliances, distributors and reseller partners. Since 2001, Bitdefender has consistently produced award-winning business and consumer security technology, and is a leading security provider in virtualization and cloud technologies. Through R&D, alliances and partnership teams, Bitdefender has elevated the highest standards of security excellence in both its number-one-ranked technology and its strategic alliances with the world’s leading virtualization and cloud technology providers.

www.bitdefender.com
www.bitdefender.com/business
businessinsights.bitdefender.com

Nisha Yadav Escorts Service Ernakulam ❣️ 7014168258 ❣️ High Cost Unlimited Ha...
 
Escorts Service Nagavara ☎ 7737669865☎ Book Your One night Stand (Bangalore)
Escorts Service Nagavara ☎ 7737669865☎ Book Your One night Stand (Bangalore)Escorts Service Nagavara ☎ 7737669865☎ Book Your One night Stand (Bangalore)
Escorts Service Nagavara ☎ 7737669865☎ Book Your One night Stand (Bangalore)
 
Sector 105, Noida Call girls :8448380779 Model Escorts | 100% verified
Sector 105, Noida Call girls :8448380779 Model Escorts | 100% verifiedSector 105, Noida Call girls :8448380779 Model Escorts | 100% verified
Sector 105, Noida Call girls :8448380779 Model Escorts | 100% verified
 
Verified Trusted Call Girls Adugodi💘 9352852248 Good Looking standard Profil...
Verified Trusted Call Girls Adugodi💘 9352852248  Good Looking standard Profil...Verified Trusted Call Girls Adugodi💘 9352852248  Good Looking standard Profil...
Verified Trusted Call Girls Adugodi💘 9352852248 Good Looking standard Profil...
 
Booking open Available Pune Call Girls Nanded City 6297143586 Call Hot India...
Booking open Available Pune Call Girls Nanded City  6297143586 Call Hot India...Booking open Available Pune Call Girls Nanded City  6297143586 Call Hot India...
Booking open Available Pune Call Girls Nanded City 6297143586 Call Hot India...
 
❤Personal Whatsapp Number 8617697112 Samba Call Girls 💦✅.
❤Personal Whatsapp Number 8617697112 Samba Call Girls 💦✅.❤Personal Whatsapp Number 8617697112 Samba Call Girls 💦✅.
❤Personal Whatsapp Number 8617697112 Samba Call Girls 💦✅.
 
call girls in Dakshinpuri (DELHI) 🔝 >༒9953056974 🔝 genuine Escort Service 🔝✔️✔️
call girls in Dakshinpuri  (DELHI) 🔝 >༒9953056974 🔝 genuine Escort Service 🔝✔️✔️call girls in Dakshinpuri  (DELHI) 🔝 >༒9953056974 🔝 genuine Escort Service 🔝✔️✔️
call girls in Dakshinpuri (DELHI) 🔝 >༒9953056974 🔝 genuine Escort Service 🔝✔️✔️
 
Jigani Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Bangal...
Jigani Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Bangal...Jigani Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Bangal...
Jigani Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Bangal...
 
Hire 💕 8617697112 Meerut Call Girls Service Call Girls Agency
Hire 💕 8617697112 Meerut Call Girls Service Call Girls AgencyHire 💕 8617697112 Meerut Call Girls Service Call Girls Agency
Hire 💕 8617697112 Meerut Call Girls Service Call Girls Agency
 

Bit defender ebook_secmonitor_print

  • 1. Continuous Security Monitoring in a Continuous World. Threats are moving quickly, so cybersecurity efforts need to keep up.
  • 2. The Twin Forces of Change in IT. The massive moving forces of innovation and security threats today are crushing the average enterprise IT department. On one side, the evolution of network systems continues to accelerate at lightning speed. Cloud, virtualization, containerization, big data analytics, mobility, and the Internet of Things are now constantly rewriting the rules of connectivity and data governance. On the other, attackers seek to keep enterprises on their back feet by changing their techniques just as rapidly, if not more so. On their own, each of these dynamic forces would be painful to contend with. Together, these parallel trends threaten the entire enterprise’s bottom line. The only way for IT to adapt their networks to the twin forces of change in technology is to ensure that security evolves just as quickly as the infrastructure and the threats. The only way for this kind of dynamic security to take hold is through continuous security monitoring.
  • 3. As you know, today’s enterprises are highly virtualized, with servers and applications continuously being integrated, deployed, and updated. Workloads shift from public cloud infrastructure to on-premise storage systems and back again, while your users are connecting new and more devices every day. Couple those agile and ever-changing systems, with their increased likelihood of security-related errors, with skilled and persistent attackers, and the risk of breached and disrupted systems increases dramatically. With all those factors considered, it is undeniable that manual security measures just can’t ensure that systems and applications remain managed in line with internal security policies and hardened against attack. Additionally, modern IT practices such as DevOps mean applications and infrastructure change more rapidly than ever before. As fast as systems are being developed, deployed, and updated, security checks need to be run in parallel and just as swiftly. Gone are the days of running monthly security assessments. This is the only way that enterprises can expect to successfully defend themselves against attackers now.
  • 4. The lessons of recent cybersecurity history are also unambiguous: compliance-driven and reactive information security efforts will not succeed at mitigating system vulnerabilities and threats to a tolerable state. Networked business-technology assets need to be inventoried, configured, and maintained; their vulnerabilities must be identified and mitigated; and they need to be vetted constantly for signs of malware and compromise. If these processes can’t be automated, they can’t be managed successfully. But it can be daunting to figure out where or how to start a Continuous Security Monitoring (CSM) effort. Some enterprises try to tackle too much at once, and give up once they start. Others decide it is too overwhelming, and they don’t start at all. That’s not good, but it’s why we wrote this guide.
  • 5. Start Building Momentum with a Framework. While CSM hasn’t necessarily taken hold of the mainstream, there are plenty of thought leaders in both the private and government sectors who realize the importance of automating and monitoring as many security processes as possible. They understand that this kind of automation not only reduces data breach risks but makes it possible to identify and stop potential attacks when suspicious activities are spotted. These folks have led the way in developing a number of excellent resources and frameworks that can help you get going on the path to continuous monitoring.
     GET STARTED WITH NIST. One great place to get started is the NIST Special Publication Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations. Most of the advice is applicable to all large enterprises, not just government environments, and it provides extremely helpful guidance.
     PCI IS ALSO HELPFUL. Another area where CSM has gained traction is the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is also a broad set of security controls, but is aimed at protecting payment cardholder data. PCI DSS also stresses the ability to understand the daily system and application changes within any aspect of the enterprise.
     CDM FRAMEWORK. One effort that is well underway is the U.S. government’s Continuous Diagnostics and Mitigation (CDM) program. The CDM program originated in the U.S. Department of Homeland Security and was created by Congress; CDM provides both federal departments and agencies what they need to know to put effective continuous security controls into place. CDM is a standardized way for federal entities to manage the threats and vulnerabilities that matter, based on the potential and likelihood of impact. Also, unlike FISMA, which has been widely criticized for being an exercise in security paper shuffling and check boxing, CDM aims to help U.S. federal organizations better protect users, software, networks, and infrastructure by continuously examining their information technology systems for vulnerabilities and threats.
  • 6. The Three Primary Phases of Continuous Diagnostics and Mitigation (SOURCE: U.S. Department of Homeland Security. Last Published Date: November 6, 2015)
     PHASE 1: Identify and Manage Assets
       HWAM: Hardware Asset Management
       SWAM: Software Asset Management
       CSM: Configuration Settings Management
       VUL: Vulnerability Management
     PHASE 2: Least Privilege and Infrastructure Integrity
       TRUST: Access Control Management (Trust in People Granted Access)
       BEHV: Security-Related Behavior Management
       CRED: Credentials and Authentication Management
       PRIV: Privileges
     PHASE 3: Boundary Protection and Event Management for Managing the Security Lifecycle
       PLAN: Plan for Events
       RESPOND: Respond to Events
       AUDIT/MONITOR: Generic Audit/Monitoring
       DOCUMENT: Document Requirements, Policy, etc.
       Boundary Protection (Network, Physical, Virtual)
       QM: Quality Management
       RISK MANAGEMENT
  • 7. SANS 20 Critical Controls. The government isn’t moving alone. The private sector is also embracing CSM frameworks in areas such as continuous improvement and automated testing in DevOps and the automating of the SANS 20 Critical Controls. Many enterprises are turning to the SANS 20 Critical Controls and using them to automate asset management, configuration management, vulnerability management, anti-malware, and data loss prevention, among other controls. The effort was informed by a number of international organizations and U.S. agencies and is currently managed within the SANS Institute. (SOURCE: SANS)
     1. Inventory of Authorized and Unauthorized Devices
     2. Inventory of Authorized and Unauthorized Software
     3. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
     4. Continuous Vulnerability Assessment and Remediation
     5. Malware Defenses
     6. Application Software Security
     7. Wireless Access Control
     8. Data Recovery Capability
     9. Security Skills Assessment and Appropriate Training to Fill Gaps
     10. Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
     11. Limitation and Control of Network Ports, Protocols, and Services
     12. Controlled Use of Administrative Privileges
     13. Boundary Defense
     14. Maintenance, Monitoring, and Analysis of Audit Logs
     15. Controlled Access Based on the Need to Know
     16. Account Monitoring and Control
     17. Data Protection
     18. Incident Response and Management
     19. Secure Network Engineering
     20. Penetration Tests and Red Team Exercises
  • 8. 5 Key Components of Continuous Security Monitoring. Regardless of the framework you choose, there are typically five key components to an effective continuous monitoring program. As you build out your toolset to move toward continuous monitoring, keep in mind that this doesn’t have to be a complete transformation. In many cases you’re probably already using many of these tools in your information security program.
     Asset Management
     Configuration Management
     Vulnerability Management
     Access Control
     Incident Response
  • 9. Asset Management. Asset management software comprises all of the tools used to manage and inventory corporate-owned and corporate-used devices and applications. These include simple inventory management and asset-auditing software that is used to identify all authorized hardware and is able to quickly identify unauthorized hardware. It is highly unlikely that any unauthorized devices are managed to any enterprise security policy. They are likely not only vulnerable to being breached, but already breached. It’s imperative that they be identified and either brought to policy standard or removed from the network.
  • 10. Configuration Management. Your software configuration management process is how you identify software and system configurations, and either confirm that they are being managed to policy or find that they are deficient and need to be corrected. Certainly, misconfigurations of IT assets need to be kept to a minimum. Your attackers will scan your systems looking for such misconfigured assets and take advantage of them to gain a foothold on the network. Even if those vulnerable systems are not their primary target, attackers will infiltrate them and use them as a foothold to dig deeper.
  • 11. Vulnerability Management. Here, you assess for software vulnerabilities within your networked devices, remedy those that are identified (especially the critical-level vulnerabilities), and then test that patches and updates have been successfully applied. Hopefully, if you run an enterprise of any size, you have a vulnerability management program in place. Software weaknesses are a common way through which adversaries seek to gain entry onto networked devices.
  • 12. Access Control. Good access control is critical to success. The size and scope of these efforts are largely determined by the size of the enterprise, the number of employees, and the services they need access to. This typically includes everything from physical building and data center access to providing enterprise resources such as phones, desks, email, etc., and everything in between. These are the processes to automate the management of provisioning and de-provisioning of users and devices to the network, system, and enterprise resources. This also includes the automated management and monitoring of identity access privileges (no greater authority for access than is necessary) and superuser access, such as that required for administrative rights.
  • 13. Incident Response. For this, enterprises need to automate the detection of breaches as much as possible, and have the capability in place to respond to the degree necessary. Some breaches may require little manual response, perhaps pushing a new machine image out to an endpoint. Other breaches may require extensive forensic analysis and remediation and cleansing effort. If an enterprise is going to be looking for indicators of breach and compromise, it needs to have effective ways to swiftly and adequately deal with those incidents.
  • 14. Pulling the technology together: Continuous Security Monitoring Platform. Enterprises that embark on the path to continuous security monitoring are going to be collecting and managing a lot of data. A lot of data. It will be coming from network monitoring tools, intrusion detection systems, management consoles, compliance and configuration management toolsets, and so forth. You will need a way to collect this data, analyze it, visualize it, and actually respond to it. This will likely be a combination of existing toolsets, some snappy API and integration work, and maybe even building new custom tools.
  • 15. In interviews with CISOs, many enterprises turn to their vulnerability management systems, which track a lot of system vulnerabilities, networked assets, and configuration settings. Others have turned to security information management systems, configuration management systems, and log management systems. And as these programs are built out, most of these tools are used in conjunction, with their outputs fed to data analysis and dashboard tools. Realistically, as you build your CSM program out, you will have various siloed sets of information that, over time, you will pull together to build an actual real-time ability to continuously monitor and react to system conditions.
  • 16. Automate everything you can, and then automate more. Where do you start automating your CSM program? There are many approaches, such as automating what you currently have the tools to automate: regular vulnerability assessments, patch and antimalware updates, reporting and alerting, and so on. Another way is to identify the most critical assets and continuously monitor those and, over time, build that program out to the rest of the organization. Some enterprises are automating based on the federal CDM, others on PCI DSS (for payment card data), and still others are looking at automating the 20 Critical Security Controls. The 20 Critical Controls were made specifically for IT security professionals and provide straightforward, risk-based implementation guidance. These controls stand on four pillars:
     Focus on continuous monitoring to test and evaluate remediation
     Provide common metrics that all stakeholders can understand
     Automate processes
     Use knowledge of actual attacks to build defenses
  • 17. That includes automating the maintenance of authorized and unauthorized device asset inventory, software, security device configurations, and continuous vulnerability assessment and remediation. Organizations report that the 20 Critical Controls are very effective at helping them to select the right security technologies and then implement, configure, monitor, and manage a better information security program. And the critical controls of course strongly encourage automating controls enforcement wherever possible.
  • 18. Getting started with CSM. So, where do you begin your continuous security monitoring efforts? When looking at your environment in its entirety, with an eye toward monitoring everything all of the time, it can appear overwhelming. And the reality is that you can’t start monitoring everything all at once. Choices need to be made about where to start: which endpoints, servers, and applications need the most oversight, and where a breach would cause the most damage. This is why, when deciding where to start your continuous monitoring efforts, the first place to look could be where those who would attack you also may look first. What data or resources would attackers most likely want to target? Is it your intellectual property? The customer data you hold? Perhaps you won’t be the direct target; the attackers may be looking to infiltrate high-value partners. Your security teams need to begin monitoring your most valued assets for potential attack paths. This includes network and system logs and traffic, looking for anomalous behavior, as well as your system configurations. Attackers aren’t the only threat. The risks around regulatory compliance also rise in rapidly changing environments. Here, you need to take inventory of your assets and applications that touch regulated data. For compliance, you will need to consider continuously monitoring your asset configurations and event logs for any deviations from your compliance and security policy.
  • 19. The key is to focus on monitoring and protecting the most important assets and applications. You’ll need to work closely with audit and compliance teams, operations teams, business application owners, and security teams to identify these assets. Essentially, aim to identify the most critical and valuable systems and data, as well as those that fall under the purview of regulatory compliance, and start your continuous monitoring efforts there. When implementing continuous security and regulatory compliance monitoring of your high-value assets, include their configurations and the status of security technologies such as anti-malware, network and application firewalls, data leak prevention technologies, etc. From here, you are going to need to automate as many of your security controls as you can, while also monitoring their configurations to ensure that they are managed consistently across all environments. Are your network configurations identical from one cloud to another? Do your wireless LANs have the same security posture? Are servers classified at the same risk level set to similar security configurations? And so on. In this way automation will help you to attain consistency throughout your environment.
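The monitoring loop the guide describes, from the asset inventory of page 9 through the configuration consistency questions above, as an added example that is not code from the ebook or from Bitdefender. The inventory, baseline, risk tiers, patch deadline and vulnerability identifiers are all constructed placeholders; one run flags unauthorized devices, configuration drift against the tier baseline and overdue critical vulnerabilities, then derives dashboard metrics and the delta against the previous run.

```python
"""Continuous security monitoring pass over a constructed asset snapshot.

Added example, not the ebook's or Bitdefender's code. Checks an asset
snapshot against an authorized inventory, a per-tier configuration baseline
and a patch deadline, then reports metrics and newly introduced findings."""
from dataclasses import dataclass

# Constructed sample data: MACs, hostnames, settings and vulnerability IDs
# are invented placeholders, not real assets or CVEs.
AUTHORIZED_INVENTORY = {"AA:BB:CC:00:00:01": "web-01", "AA:BB:CC:00:00:02": "db-01"}

# Hypothetical policy baseline: servers at the same risk tier must carry the
# same security configuration (the consistency question on page 19).
BASELINE = {
    "high": {"ssh_password_auth": "no", "antimalware": "running", "firewall": "enabled"},
    "medium": {"ssh_password_auth": "no", "antimalware": "running"},
}
MAX_CRITICAL_VULN_AGE_DAYS = 7  # hypothetical patch deadline for critical findings


@dataclass
class Asset:
    mac: str
    hostname: str
    tier: str
    config: dict          # observed settings, e.g. from a config management tool
    critical_vulns: list  # (vulnerability id, days since first seen)


SNAPSHOT = [
    Asset("AA:BB:CC:00:00:01", "web-01", "high",
          {"ssh_password_auth": "yes", "antimalware": "running", "firewall": "enabled"},
          [("VULN-PLACEHOLDER-1", 12)]),
    Asset("AA:BB:CC:00:00:02", "db-01", "high",
          {"ssh_password_auth": "no", "antimalware": "running", "firewall": "enabled"}, []),
    # Device missing from the authorized inventory, as in the asset-management slide.
    Asset("AA:BB:CC:00:00:99", "unknown-laptop", "medium", {"ssh_password_auth": "yes"}, []),
]


def check_snapshot(snapshot, inventory, baseline, max_vuln_age):
    """Return (hostname, category, detail) findings for one monitoring run."""
    findings = []
    for asset in snapshot:
        if asset.mac not in inventory:
            findings.append((asset.hostname, "asset", "device not in authorized inventory"))
        # Unauthorized devices are still checked so the policy gap is visible.
        for key, expected in baseline.get(asset.tier, {}).items():
            observed = asset.config.get(key)
            if observed != expected:
                findings.append((asset.hostname, "config",
                                 f"{key}={observed!r}, expected {expected!r}"))
        for vuln_id, age_days in asset.critical_vulns:
            if age_days > max_vuln_age:
                findings.append((asset.hostname, "vuln",
                                 f"{vuln_id} unpatched for {age_days} days"))
    return findings


def metrics(snapshot, findings):
    """Stakeholder-friendly counts for a dashboard (one of the four pillars)."""
    counts = {}
    for _, category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    affected = {hostname for hostname, _, _ in findings}
    return {"assets": len(snapshot), "compliant_assets": len(snapshot) - len(affected), **counts}


def new_findings(previous, current):
    """Findings that appeared since the last run: the continuous part of CSM."""
    seen = set(previous)
    return [finding for finding in current if finding not in seen]
```

Feeding each run's `new_findings` into alerting, and `metrics` into a dashboard, is the loop the page calls automating and then automating more.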
  • 20. CONCLUSION. Building an effective CSM program isn’t something that will happen overnight. But, as you automate certain processes, you just need to make certain those processes remain automated and in good shape. Use the time saved to automate the next set of security processes and feed the status into a dashboard or, initially, a set of dashboards. In time, you will eventually automate your entire program. So what will this continuous security and regulatory compliance monitoring do for you? Plenty, when it comes to building a resilient environment. When continuously deploying new applications, you will be introducing new mistakes into the environment, and by continuously monitoring your environment, you’ll be finding new security errors as they are introduced. So, while you will be moving as quickly as you can, you will be bringing your security efforts along with you through your CSM program.
     About Bitdefender. Bitdefender is a global security technology company that delivers solutions in more than 100 countries through a network of value-added alliances, distributors and reseller partners. Since 2001, Bitdefender has consistently produced award-winning business and consumer security technology, and is a leading security provider in virtualization and cloud technologies. Through R&D, alliances and partnership teams, Bitdefender has elevated the highest standards of security excellence in both its number-one-ranked technology and its strategic alliances with the world’s leading virtualization and cloud technology providers.
     www.bitdefender.com
     www.bitdefender.com/business
     businessinsights.bitdefender.com