Security and Compliance Monitoring
Remco van der Lans, Senior Solutions Consultant, KPN Security Services
Observations
Attackers use a variety of attack and distribution methods:
- (Spear) phishing
- Infected attachments
- Compromised websites
- Portable media
Consequences
A digital break-in can lead to unpleasant situations:
- Reputational damage
- Financial damage
- Departing customers
- Theft of data
- Sabotage of processes
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Challenges
Taking measures yourself is complex and costly:
- Internet bandwidth
- Mitigation capacity
- Expensive and maintenance-intensive
Traditional (preventive) measures prove insufficient; what is needed:
- Active monitoring
- Knowledge and intelligence
Speed is essential to minimise impact: respond earlier and faster.
(Chart: cost and damage plotted against time, from incident to detection to the start of the response. Example: ransomware infection. Time to detection: a few hours, versus an average of 243 days.)
The KPN security portfolio
Identity & Privacy: Managed PKI, eID, Secure Identity, eHerkenning, Cloud Identity
Cyber Security: Security & Compliance Monitoring, Vulnerability Management, PenTesting, Incident Response & Forensics, Threat Intelligence
Business Continuity: Disaster Recovery Services, DR Testing, DRaaS, Back-up Online, Tape Back-Up (MTS), Fallback site
Secure Network, WLAN, Internet, Communication: Secure Access & Strong Authentication, Secure Communications, Anti-DDoS NL, Mobile Device Management, Mobile Guard, Secure Information Exchange, Secure File Transfer
Workplace and Telephony
Scope
Managed Security Services: Unified Security Management with 24x7 security monitoring, providing visibility into the assets that are being protected.
- Log Management: log management, monitoring and archive
- Security Monitoring: security incident management in a 24x7 environment; improves regulatory compliance management
- Threat Detection
- Vulnerability Management: provides deeper insight into vulnerabilities
- Asset Discovery: discovers and assesses potential security risks
Security Information and Event Management (SIEM)
Available in two variants: as a customer-hosted service or as a cloud service.
(Diagram: a Unified Security Management appliance, or a virtual appliance (VMware), holds the customer security data and connects over VPN to the KPN Federation Server for alarms and remote administration.)
Functional Architecture
Customer side: business & compliance data, application transactions, infrastructure transactions, components, security components, operations.
KPN SOC side: Unified Security Management (SIEM) with five functions:
- Log Management and Security Monitoring: SIEM, event correlation, incident response, log collection, netflow analysis, services availability monitoring
- Threat Detection: network IDS, host IDS, file integrity monitoring
- Vulnerability Management: continuous vulnerability monitoring, authenticated and unauthenticated active scanning
- Asset Discovery: active and passive network scanning, asset inventory, host-based software inventory
Functional Architecture (Asset Discovery)
The first step in IT security is to get a complete list of the assets. Our SIEM features automatically collect most of the asset information from your network.
Capabilities: active asset discovery, passive asset discovery, asset inventory, asset-oriented security, manual asset imports.
Benefit: identify the critical assets for your security program.
Functional Architecture (Vulnerability Management)
Our vulnerability assessment platform enables you to run authenticated and unauthenticated vulnerability scans.
Benefits:
- Reduced risks and costs associated with security incidents and data breaches
- Continuous vulnerability management
- Increased awareness of your own systems and of future threats, making use of security intelligence
Security Information and Event Management (SIEM): Functional Architecture (Threat Detection)
Our solution actively monitors for attacks targeting your vulnerable systems. The sensor's network intrusion detection system (IDS) analyses network traffic to detect known attacks and to identify patterns of attack methods. Our solution also includes a host-based intrusion detection system (HIDS) that is installed on servers and endpoints.
Benefit: improved security posture through enterprise-wide security intelligence that correlates events from IT and business-critical applications.
Security Information and Event Management (SIEM): Functional Architecture (Security Monitoring)
Our security monitoring services cover a wide range of operational monitoring solutions:
- Managed SIEM services
- 24x7 incident management
- Investigation and escalation
- Incident and compliance reporting
Benefit: a centralised security monitoring model allows economies of scale to drive costs down, while improving the effectiveness of security operations and threat intelligence sharing.
Security Information and Event Management (SIEM): Functional Architecture (Log Management)
Our service combines network flow analysis, full packet capture, active service monitoring and log collection to leverage anomalies reported by other elements of the infrastructure.
Components: log management, event correlation, netflow collection, availability monitoring.
Benefit: incident identification time reduced from hours to minutes, streamlined operations that further reduce risks and associated costs, and improved global security with end-to-end incident management.
Security Information and Event Management (SIEM): Business Case 1
Annual comparison with SIEM (amounts as given on the slide, Dutch number notation)

Item                   Prior to SIEM   After SIEM   % Improvement   Benefits    Distribution of Benefits
Loss of Revenue             900,00        862,54         4,16%        37,46        0,24%
Hours / Lost Effort      10.800,00      9.720,00        10,00%     1.080,00        6,87%
Problem Solving          10.800,00      1.606,50        85,13%     9.193,50       58,52%
Cost of Service Desk      9.000,00      3.600,00        60,00%     5.400,00       34,37%

(Charts: bar chart of the four items prior to and after SIEM; pie chart of the distribution of benefits.)
Security Information and Event Management (SIEM): Business Case 2: Compliance and audit reporting
Security & Compliance Monitoring
Continuous, managed monitoring of your ICT infrastructure and critical business processes:
- Early detection of cyber attacks
- 24x7 service
- Demonstrable compliance
- Your data stays in the Netherlands
- Takes the burden off IT management
Log Management: comply with laws and regulations; historical overview of events in the network.
Security Monitoring: intelligent correlation of events; 24x7 monitoring of the network for events; early detection of attacks.
Compliance Monitoring: deviations from the compliance framework are detected automatically.
Risk Based Scoping: a methodology for optimal set-up of the service and alignment with the customer's needs.
Contact us for the Try & Buy Security & Compliance Monitoring programme.
Trust and reliability: the DNA of KPN
Thank you for your attention. Want to know more?
Remco van der Lans
E: remco.vanderlans@kpn.com
L: https://nl.linkedin.com/in/remco-van-der-lans-9789741
W: www.kpn.com/security
Also check the KPN CISO Security Policy App for iPad: https://itunes.apple.com/nl/app/kpn-ciso/id1122223795?mt=8