Ethical Hacking Customer Presentation

BT Managed Security Solutions
Service Overview for Financials: The Most Beautiful Target
Measure, Monitor, Protect, Advise
James McCarthy
james.mccarthy@bt.com
BT's organizational structure
BT Group
• +100,000 employees
• Revenues 09/10: +31,200 M$
• The biggest R&D Center in ICT in Europe – Adastral Park
BT Global Services
• Gartner Leader Quadrant – Worldwide Managed and Professional Network Service Providers
• 37,000 professionals providing consultancy services, managed services and supporting our customers in +170 countries
• Revenues 09/10: +12,700 M$
Global Banking and Financial Markets
• Dedicated Solutions and Managed Services to the Finance and Insurance Sector
BT Latam
• One of the most profitable regions and with the highest growth potential
Our Operations in the Region
Some of our customers in the region
Passion for our customers
The Most Beautiful Target…Why?
1. Lots of Captive Users
2. A Trusted Partner / Brand For Those Users
3. Hundreds of Thousands of Transactions – Typically in Small Monetary Increments
The Most Beautiful Target…and How BT Protects You…
…Panda Security’s anti-malware laboratory has discovered that hackers are creating 57,000 new websites each week that exploit approximately 375 high-profile brand names worldwide…
Findings By Customer:
1. eBay – 23.21 percent
2. Western Union – 21.15 percent
3. Visa – 9.51 percent
4. United Services Automobile Association – 6.85 percent
5. HSBC – 5.98 percent
6. Amazon – 2.42 percent
7. Bank of America – 2.29 percent
8. PayPal – 1.77 percent
9. Internal Revenue Service – 1.69 percent
10. Bendigo Bank – 1.38 percent
The Most Beautiful Target…Breach Numbers are Growing…
From PrivacyRights.org
Limited search; breaches currently displayed:
Breach Types: HACK
Organization Types: BSF
Years: 2010
235,373 records in our database from 10 breaches made public fitting these criteria (all US financials)
Introducing BT’s Managed Security Solutions For Financials
BT’s proposition areas
[Diagram: business objectives mapped to propositions through a common methodology]
Business objectives: Secure applications and information; Secure network and IT infrastructure; Enhance compliance and governance; Board confidence in information; Reduce downtime, costs
Propositions: Information assurance; Risk structures & processes; Secure Networking; Secure Communications Management; Operational Risk Management; Business Continuity; Identity Management; Information Management
Common methodology: Consulting services; Design; Integration, implementation; Managed services
Enabling security and compliance efficiently and cost effectively across your enterprise
BT Knowledge, Experience, Thought Leadership
• BT has concentrated its resources into one dedicated global practice, one of the biggest security teams in the world
– 400+ full time client facing practitioners
– A further 800+ working on security including R&D and internal team
• Decades long heritage in designing, building, managing secure global networks
• Rigorous, mandatory internal security evaluation process
• Global accreditations & certifications
– Practitioners validated by Cisco, ITIL and Juniper Networks
– SAS70 and ISO 9001 certified MSS provider
– Accredited to CERT & FIRST, CLEF
– FIPS 140-2; one of only 8 globally
– Active participants in IETF, ISO17799
• World leading R&D facility: Adastral Park in Suffolk, England
– 100 registered patents
– 160 security papers published
– 30% of people with second degrees
BT’s Managed Security Solutions powered by Counterpane and the EHCOE
• Authority on enterprise security
– Pioneered outsourced security monitoring – Established in 1999
– Founder and CTO, best-selling author: Bruce Schneier
• Leading visionary in Gartner’s Magic Quadrant for MSS and EH
• Global view: 650 customer networks; Sentries installed in 38 countries; monitored data spanning 150 countries
• Seven fully redundant security operations centers
• Eleven year proven track record protecting major, high-value networks
Mission: Develop and implement fully-integrated managed security services that assure customers’ business continuity, improved compliance, and protection from financial loss.
BT Security Services Customers
Fortune 500 leaders in every major industry around the globe
Business Problems Solved by Managed Security Services
• Streamline policy enforcement
– Detect early warning signs of inappropriate activity
– Protect against rogue employees and contractors
• Identify unauthorized activity
– Real time detection of botnet- and malware-infected hosts
– Regularly updated blacklists of known botnet controllers and malware distribution sites
• Facilitate data collection for regular audits and compliance reporting
– Centralized access to all security-relevant and activity logs
– Easy access to archive and flexible data-mining options
• Leverage existing investments in expensive devices
– Ensure IDS/IPS/firewall devices have current signatures & patches
– Configure them in accordance with industry best practice
• Provide cost-effective access to senior security expertise
– On demand access to world-class security analysis & personnel
– Focus on strategic decision-making while tactical issues are handled
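The blacklist-based detection of infected hosts listed above, as an added example that is not BT's or Counterpane's code: constructed firewall log lines are matched against a constructed blacklist of controller addresses and distribution sites, and hits are grouped per internal host so that one host yields one ticket rather than one alert per flow. The log format, blacklist entries and function names are assumptions.

```python
"""Added example (not BT's or Counterpane's code): match outbound connections in
constructed firewall log lines against a constructed blacklist of known botnet
controllers and malware distribution sites, grouped per internal source host."""
import ipaddress
import re
from typing import Dict, List

# Constructed blacklist: hypothetical controller ranges and one distribution domain.
BLACKLIST_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]
BLACKLIST_DOMAINS = {"evil-update.example"}

# Constructed log lines (assumed syslog-like format: src, dst or host, dport).
LOG_LINES = [
    "2010-04-01T10:00:01 fw1 ACCEPT src=10.1.2.3 dst=203.0.113.45 dport=6667",
    "2010-04-01T10:00:02 fw1 ACCEPT src=10.1.2.9 dst=192.0.2.10 dport=443",
    "2010-04-01T10:00:03 fw1 ACCEPT src=10.1.2.3 dst=198.51.100.7 dport=80",
    "2010-04-01T10:00:04 proxy ACCEPT src=10.1.5.7 host=evil-update.example dport=80",
]

LINE_RE = re.compile(
    r"src=(?P<src>\S+)\s+(?:dst=(?P<dst>\S+)|host=(?P<host>\S+))\s+dport=(?P<dport>\d+)"
)


def is_blacklisted(dst: str) -> bool:
    """True if dst (an IP address or a hostname) is on the blacklist."""
    if dst in BLACKLIST_DOMAINS:
        return True
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        return False  # hostname not on the domain list
    return any(addr in net for net in BLACKLIST_NETS)


def infected_hosts(lines: List[str]) -> Dict[str, List[str]]:
    """Map each internal source that reached a blacklisted destination to the
    destinations it contacted; each key is one candidate incident ticket."""
    hits: Dict[str, List[str]] = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # unparseable line: leave for the analyst queue
        dst = m.group("dst") or m.group("host")
        if is_blacklisted(dst):
            hits.setdefault(m.group("src"), []).append(dst)
    return hits
```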
Managed Security Solutions
We deliver crucial security information about complex threats with expert assistance on how to respond. We do so using three main elements: People, Process, Technology …of these, people are the most important!
Workload Reduction Enables Customers to Focus on Core Business Objectives
“Typical” Services Company Example (Monthly CIO Report)
30 Million   Messages Received
186,000      Alerts Processed
1200         Tickets Analyzed
5            Customer Contacts (1 Phone Call, 4 E-mails)
“One of the things I’ve gotten the most mileage out of is the monthly CIO report… I use that [to show] my executives all the traffic that’s coming through… You start with millions of items and work your way down into about 50 to 60 of [incidents] a month. It’s a great way to explain the value we’re getting out of the managed security services.”
– Tom Dunbar, CSO, XL Capital
View Across BT Counterpane’s Financial Services Companies
Across our Financial Services clients, their Security Posture Index is rated as “Above Average”, which indicates a high level of sensitivity towards information that is provided to them by our BT SOCs.
Web Application Testing – the Most Beautiful Target
Client-side Application Testing Ethical Hacking Assessment
• Components can consist of:
– Java applets that operate within a Web browser
– Standalone Java applets
– Standalone executable applications
• Testing determines:
– How security is integrated into the client software components
– How the client software interacts with the remote server application
– If any unnecessary information is entrusted to the client software
– If the client software can be manipulated to provide unauthorized access to the server application
• Testing includes:
– Attempt to collect as much information as possible about the client application and server communication
– Attempt to manipulate the client software without inside knowledge
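The two client-trust findings the assessment looks for (information entrusted to the client, and a client that can be manipulated into unauthorized server access), as an added example that is not BT's or the EHCOE's code: a weak server handler that honours a role flag sent by the client applet, beside a hardened one that takes the role only from server-side session state. The session store, account data and function names are constructed.

```python
"""Added example (not BT's or the EHCOE's code): a server handler that trusts a
client-supplied flag, beside a hardened one that derives authorization from the
server-side session. Session store, accounts and names are constructed."""
from dataclasses import dataclass
from typing import Dict, Tuple

# Constructed server-side session store: token -> account id and role.
SESSIONS = {
    "tok-alice": {"account": "ACC-1001", "role": "customer"},
    "tok-ops":   {"account": "ACC-0001", "role": "teller"},
}
ACCOUNTS = {"ACC-1001": 2500.00, "ACC-2002": 910.00}


@dataclass
class Request:
    token: str      # session token presented by the client
    account: str    # account the client asks to read
    params: Dict[str, str]  # everything else the client chose to send


def get_balance_trusting_client(req: Request) -> float:
    """Weak: the client applet tells the server whether it is a teller. A
    modified client can send is_teller=1 and read any account."""
    session = SESSIONS.get(req.token)
    if session is None:
        raise PermissionError("not logged in")
    if req.params.get("is_teller") == "1" or session["account"] == req.account:
        return ACCOUNTS[req.account]
    raise PermissionError("forbidden")


def get_balance_server_authz(req: Request) -> float:
    """Hardened: the role comes from the server-side session, never from the
    request body, so nothing security-relevant is entrusted to the client."""
    session = SESSIONS.get(req.token)
    if session is None:
        raise PermissionError("not logged in")
    if session["role"] == "teller" or session["account"] == req.account:
        return ACCOUNTS[req.account]
    raise PermissionError("forbidden")


def demo() -> Tuple[bool, bool]:
    """Return (weak_leaked, hardened_leaked) for a customer session whose
    request claims teller rights and asks for somebody else's account."""
    tampered = Request("tok-alice", "ACC-2002", {"is_teller": "1"})
    results = []
    for handler in (get_balance_trusting_client, get_balance_server_authz):
        try:
            handler(tampered)
            results.append(True)   # balance returned: data leaked
        except PermissionError:
            results.append(False)  # request refused
    return results[0], results[1]
```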
Code Review – The Most Beautiful Path
Source Code Review Ethical Hacking Assessment
• Reviews application code for deficiencies in the areas of security, reliability and operations.
• The review identifies strengths and weaknesses of the application software modules.
• Detection of the following types of computer abuse is attempted:
– Trojan Horses
– Salami techniques
– Trapdoors
– Logic bombs
• The EHCOE requires the following documentation in order to perform the source code review:
– Source code comments and documentation
– Method of invocation for each program
– Options and configuration file documentation
– Method of compilation for each program
What Sets BT Managed Security Solutions Apart?
• United States Patent: Patent No. US 7,159,237 B2, Method and System for Dynamic Network Intrusion Monitoring, Detection and Response (Jan. 2, 2007)
• Network visibility: More than one million event rules for a broad range of network devices
• Advanced correlation technology: Multi-device, vertical market, cross-customer base
• 24/7 vigilance by certified security engineers: SANS Certification and DOJ Background investigations required for employment
Device types covered: IDSs, Firewalls/VPNs, Routers, Authentication, Access Control, Databases, Web Servers, Network OS, Desktops, Others
What Sets BT Managed Security Solutions Apart?
• Consultative approach: Dedicated team assigned to the account, monthly touch points, quarterly reviews, pre-sales and post-sales support, ongoing available support
• Compliance audit reporting: VISA CISP/PCI, SOX, FISMA, GLBA, CA 1386
• Service Level Agreements: Swift activation and improved compliance with 100% guaranteed access to activity data
Security Operations Centers
Physically hardened facilities
• Three-factor access control
• Multiple forms of surveillance
• Fully-redundant power and network
100% uptime since January 2000
• Full-redundancy in each center
• Continuous tagging and time stamping
• CPE has auto-rollover to SOCs
Geographically diverse
• Facilities in major technology centers
• Robust facilities built on Critical Infrastructure backbones
Audits and accreditations
• Including: SAS70, ISO27001, BS7799
• Analysts are GIAC certified
Benefits of BT Managed Security Services for the Financial Industry
• Trusted Partner of the Financial Services Space
– Current Testing Partner for the Majority of Very Large Financials
• Resilient architecture
– Hardened, active/active SOCs – no downtime
• Vendor neutrality
– Provides flexibility and avoids unnecessary capital outlays
• Defense in depth
– Support for more types of systems, including applications, databases, AS/400, RACF, etc.
• Comprehensive and integrated solution
– Reduces risk and cost
– Simplifies management and monitoring of diverse technology
– Advanced correlation technology (multiple tools and flexible configuration)
• Consultative approach
• Longevity and commitment
– More than 10 years of continuous growth
BT Professional Services