4 Tips for building a security plan
Are you considering a security plan for your organization?
Careful planning will prevent gaps that can put you at risk. Here are 4 tips for building a security plan that will not only guard against data breaches and ensure business continuity, but also increase your organization’s ability to adapt in the face of change.
Is SIEM a necessity? – Q&A with Bell security services expert Marc Lafleur.
Q&A: Are SIEM solutions a security panacea?
This month Impact sat down with Marc Lafleur, Director of Managed Security Services with Bell, to find out more about the role of security information and event management (SIEM) solutions. We soon found out that SIEM solutions, once standalone systems, are now integrated with other security tools to pull and store data from various sources, resulting in faster, more accurate event detection, better compliance reporting and a more comprehensive understanding of events.
Impact: Thank you for joining us, Marc. Let’s start with the basics: What exactly is SIEM and why is it needed?
ML: Security Information Event Management solutions are used to detect and collect device and application security events for compliance reporting, vulnerability management and security monitoring. Without SIEM, it’s not possible to evaluate and respond to events quickly enough to mitigate breaches.
Impact: How exactly does SIEM differ from a security log?
ML: Think of SIEM solutions as intelligent event log aggregators that issue reports and alerts. Once integrated with other network security devices such as intrusion detection systems, SIEM tools are configured to collect, correlate and analyze event logs from multiple sources across a security infrastructure.
They can collect and analyze application-level events or transaction logs in order to discover fraud or misuse, or to assess traffic patterns for known attack signatures, enterprise policy violations and compliance anomalies. You custom-configure your alerts, and when one goes off, people jump into action.
Impact: Just how much better is event detection and management with SIEM than without?
ML: Without SIEM, detecting an event within a reasonable time frame is impossible. An average network of 400 devices would generate more than 3 million events per day. It would take more than forty man-hours to parse the logs. So even if someone could read through 400 different log files and find a breach, private information could already be posted on the Internet or sold to a competitor or organized crime syndicate.
Impact: Would you consider SIEM tools appropriate or indispensable for every enterprise-level business, or only businesses that meet certain criteria?
ML: Given that the occurrence and sophistication of events have been increasing rapidly, I would say that it makes sense for all enterprises to use the best tools available to them to safeguard their security from both internal and external threats. SIEM is becoming a bigger part of that. What enterprises should be looking at is the kind of SIEM implementation that they need. It’s not one size fits all.
Impact: Can you expand upon that, Marc?
ML: Sure. First, understand your security and compliance requirements. Do you need to make sure that you achieve regulatory compliance, is your hot spot security policy management or risk management, or do you know? To make best use of SIEM you must understand short and long-term security requirements, and configure the solution to address them.
Impact: Assuming that you know your security requirements, what are the steps involved in successful SIEM implementation?
ML: The recommended first step is to complete a threat and risk assessment (TRA). To produce the best results, a TRA requires collaboration at many levels of the organization in order to ensure that IT, operations and security teams make changes to processes that will ultimately contribute to the success of the TRA.
Once a TRA has been conducted and risks are identified, the next step is to model the IT infrastructure: evaluate IT assets, define network zones, map asset locations, and so on. This is an important step, because the more detail available on network and IT assets, the better the accuracy of reports generated, the higher the quality of alerts and the more quickly effective remediation decisions are made.
Finally, create an implementation plan that defines requirements, confirms the SIEM solution architecture, and identifies the tasks and priorities required to successfully complete the SIEM implementation. The plan must also include the tasks required to create and /or modify the operations process and procedures so that they integrate with the SIEM solution workflow. Such operationalizing of the technology allows it to function in a way that addresses compliance requirements while managing risks and vulnerabilities.
Impact: There is obviously a lot of work involved. Couldn’t a simple intrusion prevention system (IPS) take the place of a SIEM solution?
ML: IPS devices do work, but they don’t provide the granularity and accuracy of a SIEM system. An IPS can detect network security risks, but only based on the data flowing through it. A SIEM solution, on the other hand, combines data sources to reach conclusions. It will also store the relevant information for pre-defined periods, enabling historical and trend analysis and reporting. The end result is a more comprehensive understanding of the event. A SIEM solution is also able to report on compliance objectives as well as low level attacks, something the IPS is less capable of.
Impact: Let’s assume that I want to implement a SIEM solution. I’ve done the groundwork mentioned earlier…what’s next?
ML: Different SIEM products are geared to different customer objectives. For example, SIM (security information management) solutions focus on data collection and reporting. If compliance and reporting are your key business drivers, a SIM solution may be all that’s required. Then there are network-based SIEMs, appliance-based SIEMs and Enterprise-grade SIEMs. This last group has greater flexibility in both rule and report creation, supports hundreds of event sources and provides a large database of common rules.
Impact: What do you see in the future for SIEM? It’s now integrated with other security devices - what's next?
ML: SIEM will become more like a living organism. The more log data it is fed, the more intelligence is produced. There is virtually no limit in what you can do with SIEM, but there will come a point when you will have too much data to digest. So it’s in the rules and actions where innovation will be key – programming SIEM to react in different ways to different threats and to perform actions automatically.
Impact: Can you leave us with some tips on selecting and integrating a SIEM solution?
ML: Sure. First off, you have to start with business drivers. Many approach SIEM from a technology point of view without establishing what they need to evaluate. There is a tendency to then map the corporate SIEM practice to the strengths of the tool selected.
Another pitfall is underestimating the level of detail the SIEM system collects and publishes. Many discover that there are more questions than answers once SIEM is in place. You have to know your network, your systems, and data.
Finally, if you aren’t monitoring and maintaining SIEM content around the clock, you will quickly fall behind and eventually end up with a glorified system log server. If you are going to get a return on your investment it must be continuously managed.
Get started with your SIEM implementation
The Bell Professional services team can help your organization at any stage of SIEM implementation: requirement gathering, setting priorities, integration and event monitoring. We can also help in selecting the right tool for your business.
Once the service is online, the managed security team can provide 24/7 live security monitoring and incident management. You gain the benefits of a team that has integrated multiple solutions into production environments, and a group that not only advises you on your threats but also provides you with global cyber intelligence.
Want to learn more?
For information on how enterprise telephony solutions from Bell can help your business, contact your Bell representative or click here to have a Bell representative contact you.
Marc Lafleur is Director of Managed Security Services with Bell.
Assessment tool: Data loss prevention – Are you successfully managing your data loss prevention tools?
Data loss prevention (DLP) tools protect data in use, data in motion and data at rest through a centralized management framework. But implementing a DLP system does not absolve an organization of all other security efforts: employees still need to follow safe data management practices for the tools to be effective.
This tool will help you determine how effective your data management practices are and highlight any gaps, so that you can build a stronger data loss prevention program.
Strengthening security: Intelligent tools, smart planning
A letter from the executive office
If someone told you that you could cut costs and reduce risk by better planning your approach to security and compliance, would you believe them?
It probably doesn’t sound too far-fetched. The tough part is getting there: achieving a state of planning grace in the face of day-to-day pressures.
Imagine a world in which security events are instantly parsed and remedied. Where all data is correctly classified and protected. Where everyone follows password and classification policies to a tee and you have protocols and people in place for any and every eventuality. And your main job is not putting out fires, but walking the firebreak: evaluating the security framework, prioritizing adjustments and scheduling remediation.
The truth is that security solutions are growing more intelligent, more integrated and comprehensive. In this month’s expert Q&A, Bell security services expert Marc Lafleur gives us a concrete example of this as he explains how contemporary security information and event management (SIEM) solutions integrate with other tools to raise the alarm on events in real time and put out infinitely variable reports.
But solutions are just one piece of the puzzle. While tools are getting both more sophisticated and easy to use, the trick lies not in putting the nuts and bolts in place, but in being able to survey the organizational landscape and create a security framework that is truly comprehensive, building in continuous improvement and self-healing capabilities.
In this issue we offer some solid tips on building an effective security plan and a tool that will help you see if you’ve got your bases covered in terms of data loss prevention (DLP). There’s much more inside, so have a look!
If you want to know more about how you can turn your current security environment into a comprehensive, self-healing system, our managed security services team is waiting to hear from you. We help large organizations with IT framework planning on a daily basis. We can do the same for you. So have a Bell representative contact you today for an overview or an audit of your security and compliance environment.
As always, we welcome your feedback on the tools and resources we offer you in Impact and on any other aspect of our services.
Best regards,
Stéphane Boisvert
President, Bell Enterprise
More popular compliance and managed solutions resources
Take a closer look at security with other excellent downloads from our resource centre:
Does your compliance and security program fully protect your enterprise? Find out with our compliance assessment tool.
Are you getting the most out of your managed storage and security solutions? Find out with this storage and security assessment tool.