Whitepapervault Com

ARMING YOUR SECURITY OPERATIONS CENTER WITH THE RIGHT TECHNOLOGY & SERVICES WWW.WIPRO.COM Gopinathan. K

Security – a key requirement Challenges abound The way forward Essential elements for your Security Operations Center (SOC) Concluding thoughts About the Author Global Infrastructure Services About Wipro IT Services

Security – a key requirement Technology has become the pivot to an organization’s success in today’s demanding business environment. And within that, IT security has assumed significant importance –to handle the compliance and regulatory demands along with the myriad threats and vulnerabilities that businesses are exposed to continuously. The consequence of not allocating this importance can be quite expensive –the recent Sony PlayStation Network incident resulted in damages of $171 million to Sony. Similarly, Citigroup lost $2.7 million to hackers who accessed information of 200, 000 clients illegally. To appreciate the seriousness, consider this finding from PwC – the cost of information security breaches just in the UK was a whopping £5 – £10 billion in 2011. Clearly, the findings from a survey conducted by the Enterprise Strategy Group is no surprise then which states that IT security is among the top five priorities identified by IT professionals for 2012. To compound matters, threats and attacks are only becoming more complex and sophisticated and so a well-equipped Security Operations Center (SOC) with the required security technologies and services is the order of the day. Many enterprises plan to increase security budgets to deal with this situation and enhance the capabilities of their SOC. Arming your security operations center with the right technology & services This whitepaper discusses the importance of IT security for enterprises especially as they deal with challenging business conditions. The consequences of not having proper IT security measures in place can result in substantial losses – both financial as well as intangibles such as diminishing reputation, credibility and so on. It is imperative for enterprises to embark on a holistic security program in their SOC. At the same time, enterprises need to be aware of which technology and service is relevant for their kind of business to get the maximum returns. This paper throws light on this topic too. Challenges abound No doubt that IT security is gaining much needed attention; however, the road ahead is replete with challenges. Most IT security professionals seldom take a holistic view while securing their organization. Typically, they adopt a siloed approach and secure the entire network without paying attention to individual host systems. It is assumed that access controls implemented across the network will, by extension, be sufficient to protect host systems and associated information. Unfortunately, this approach falls short in protecting business and technology services against attacks, threats and vulnerabilities comprehensively. In addition, SOCs today have to contend with not only the physical networks, computers and applications, but extend their purview to the online realm and mobile devices too – no easy task. Verizon’s “2011 Data Breach Investigations Report” reports alarming news that the number of online attacks increased by a factor of five between 2005 and 2010. Plus, there is the issue of mobile malware and anti-theft measures especially with the growing popularity and acceptance of the BYOD trend that needs to be addressed. Some hard facts: • According to McAfee, there were 8 million new kinds of malware more within the space of a quarter in 2012. • Mobile vulnerabilities rose by 93% in 2011 • Estimated losses due to phishing attacks was $687 million in the first half of 2012 as per RSA

The way forward Organizations must view the security portfolio holistically to provide a comprehensive cover enterprise-wide. Consequently, every host whether it is service oriented devices/servers or user oriented workstations, should be considered as a potential target and its vulnerability to attacks assessed. It is therefore essential to consider different technologies and services that can help mitigate these risks. The key technologies and services required in an SOC are as follows: While the security elements introduced above are essential to protect enterprises and meet compliance requirements successfully, the choice and implementation of these technologies depend both on the industry they belong to and the size of the enterprise. For instance, large enterprises require security of a higher order and have stringent compliance requirements such as ISO 27001, SOX, HIPAA, and SAS 70. Such enterprises typically face a large volume of transactions resulting in terabytes of data which has to be managed securely. In specific Basic Security Implementations

Vulnerability and Risk Management and Analysis Integrated Security Matrix and Dashboard Database Activity Monitoring (DAM) Threat Intelligence Network Behaviour Anomaly Detection (NBAD) Anti-Malware Service for Critical Websites Anti-Phishing Service for Critical Websites Security Incident and Event Management Vulnerability Management (VM) Web Application Firewall (WAF) Risk Management cases such as in the financial sector, there is the added complexity of handling sensitive data. Failing to secure critical data can not only result in monetary losses but also lead to intangible consequences such as loss of reputation and credibility which can be equally damaging. Stringent regulations • BFSI – Compliance requirements such as ISO 27001, PCI-DSS, SOX, GLBA, HIPAA, SAS 70 and Regulatory compliances such as RBI, SAMA, FRB, FSA • Telecom – Compliance requirements such as ISO 27001, IEC15408,

A practical framework to determine the right mix of security technology and services for enterprises