itsec - proactive security (for publication)...•decrease risk •provide faster answers to...
TRANSCRIPT
![Page 1: ITSec - Proactive Security (for publication)...•Decrease risk •Provide faster answers to auditors •Achieve a high level of accountability •Decrease risk •Keep an eye on third-party](https://reader034.vdocument.in/reader034/viewer/2022050110/5f47eb9b661ef82c3826195a/html5/thumbnails/1.jpg)
Proactive Security ‐The Intel l igent Way
Panagiotis Kalantzis / Alexandros Detsikas
Classification ISO 27001: Public
![Page 2: ITSec - Proactive Security (for publication)...•Decrease risk •Provide faster answers to auditors •Achieve a high level of accountability •Decrease risk •Keep an eye on third-party](https://reader034.vdocument.in/reader034/viewer/2022050110/5f47eb9b661ef82c3826195a/html5/thumbnails/2.jpg)
2 Space Hellas - All Rights Reserved
Threat Landscape EvolutionTh
e Th
reat
The Solutio
n
Cyber Mischief“The Morris Worm”
Cyber Mischief“The Morris Worm”
Cyber Espionage“Titan Rain
Cyber Espionage“Titan Rain
Cyber Crime“Kevin Mitnick”Cyber Crime
“Kevin Mitnick”
Cyber Mischief“Code Red”
Cyber Mischief“Code Red”
Cyber Espionage“APT”
Cyber Espionage“APT”
Cyber Espionage“Google Aurora”Cyber Espionage“Google Aurora”
Cyber Mischief“Slammer”
Cyber Mischief“Slammer”
Cyber Crime“Russian Business Network”
Cyber Crime“Russian Business Network”
Cyber Mischief“Heartbleed”Cyber Mischief“Heartbleed”
Cyber Crime“Sony Breach”Cyber Crime“Sony Breach”
Cyber Espionage“APT”
Cyber Espionage“APT”
Cyber Hactivism“Anonymous”Cyber Hactivism“Anonymous”
Cyber Crime“Russian Business Network
Cyber Crime“Russian Business Network
FirewallFirewall
1988 ‐ 1995Perimeter Defense
2011 – FutureActionable Intelligence
Intrusion DetectionIntrusion Detection
Anti‐VirusAnti‐Virus
Incident ResponseIncident Response
FirewallFirewall
Cyber IntelligenceCyber Intelligence
Data Collection (SIEM)Data Collection (SIEM)
Data AnalyticsData Analytics
Vulnerability ManagementVulnerability Management
Threat Indicator SharingThreat Indicator Sharing
2003 – 2010Automatic Data Collection
Intrusion DetectionIntrusion Detection
Anti‐VirusAnti‐Virus
Incident ResponseIncident Response
FirewallFirewall
Cyber IntelligenceCyber Intelligence
Data Collection (SIEM)Data Collection (SIEM)
Vulnerability ManagementVulnerability Management
1996 ‐ 2002Defense in Depth
Intrusion DetectionIntrusion Detection
Anti‐VirusAnti‐Virus
Incident ResponseIncident Response
FirewallFirewall
![Page 3: ITSec - Proactive Security (for publication)...•Decrease risk •Provide faster answers to auditors •Achieve a high level of accountability •Decrease risk •Keep an eye on third-party](https://reader034.vdocument.in/reader034/viewer/2022050110/5f47eb9b661ef82c3826195a/html5/thumbnails/3.jpg)
3 Space Hellas - All Rights Reserved
Further Challenges
Nature and motivation of attacks(Fame to fortune, market adversary)1 Research
Infiltration Discovery
CaptureExfiltration
Transformation of enterprise IT(Delivery and consumption changes)2
ConsumptionTraditional DC Private cloud Managed cloud Public cloud
Virtual desktops Notebooks Tablets Smart phones
Delivery
Regulatory pressures(Increasing cost and complexity)3 Basel III
![Page 4: ITSec - Proactive Security (for publication)...•Decrease risk •Provide faster answers to auditors •Achieve a high level of accountability •Decrease risk •Keep an eye on third-party](https://reader034.vdocument.in/reader034/viewer/2022050110/5f47eb9b661ef82c3826195a/html5/thumbnails/4.jpg)
4 Space Hellas - All Rights Reserved
Cybercrime Attacks Nature
Attacks Motivation, © Radware 2014
Cost of Cybercrime, © Ponemon Institute 2014
Types of Attacks, © Radware 2014
Top Cybercrime Impact, © Ponemon Institute 2014
![Page 5: ITSec - Proactive Security (for publication)...•Decrease risk •Provide faster answers to auditors •Achieve a high level of accountability •Decrease risk •Keep an eye on third-party](https://reader034.vdocument.in/reader034/viewer/2022050110/5f47eb9b661ef82c3826195a/html5/thumbnails/5.jpg)
5 Space Hellas - All Rights Reserved
Future Predictions
Top Cyberattack and Data Breach Worries, ©Trustwave 2015 Pressures Report
Top Security Threat Sources, ©Trustwave 2015 Pressures Report
Top Risky Insider Threat, ©Trustwave 2015 Pressures Report
![Page 6: ITSec - Proactive Security (for publication)...•Decrease risk •Provide faster answers to auditors •Achieve a high level of accountability •Decrease risk •Keep an eye on third-party](https://reader034.vdocument.in/reader034/viewer/2022050110/5f47eb9b661ef82c3826195a/html5/thumbnails/6.jpg)
6 Space Hellas - All Rights Reserved
Proactive Information Security
![Page 7: ITSec - Proactive Security (for publication)...•Decrease risk •Provide faster answers to auditors •Achieve a high level of accountability •Decrease risk •Keep an eye on third-party](https://reader034.vdocument.in/reader034/viewer/2022050110/5f47eb9b661ef82c3826195a/html5/thumbnails/7.jpg)
7 Space Hellas - All Rights Reserved
Proactive Information Security
![Page 8: ITSec - Proactive Security (for publication)...•Decrease risk •Provide faster answers to auditors •Achieve a high level of accountability •Decrease risk •Keep an eye on third-party](https://reader034.vdocument.in/reader034/viewer/2022050110/5f47eb9b661ef82c3826195a/html5/thumbnails/8.jpg)
8 Space Hellas - All Rights Reserved
Proactive Intelligence
Intelligence
DDOS preventionBOT prevention
SIEMNetwork sensors
Log, data, flow analysis & Data/Info miningLarge volume data analysis
Electronic intelligenceAttack perceptionBackdoor scanning
Decision support systems.....
ServicesProcesses
Cyber security team
PROACTIVE
Data / Information
Systems
Networks / Communications
Information Security
FirewallAnti-virus
Spam filteringAnti-spyware
Content analysisIDS/IPS
UTMPassword mgmt
PKIEncryption
VPNNAT
Backup/recovery.....
ServicesProcessesIT team
PASSIVE
![Page 9: ITSec - Proactive Security (for publication)...•Decrease risk •Provide faster answers to auditors •Achieve a high level of accountability •Decrease risk •Keep an eye on third-party](https://reader034.vdocument.in/reader034/viewer/2022050110/5f47eb9b661ef82c3826195a/html5/thumbnails/9.jpg)
9 Space Hellas - All Rights Reserved
Proactive Information Security
Enabling everyelement to be a pointof defense and policy
enforcement
IntegratedProactive security technologies that
automatically prevent threats
AdaptiveCollaboration among
the services and devices throughout
the network to thwart attacks
Collaborative
![Page 10: ITSec - Proactive Security (for publication)...•Decrease risk •Provide faster answers to auditors •Achieve a high level of accountability •Decrease risk •Keep an eye on third-party](https://reader034.vdocument.in/reader034/viewer/2022050110/5f47eb9b661ef82c3826195a/html5/thumbnails/10.jpg)
10 Space Hellas - All Rights Reserved
Processes
Our Holistic Approach
•Fast troubleshooting•Automatic change documentation•Better training•Improve efficiency and decrease mistakes
•Enforce segregation of duties
•Reduce costs company-wide•SLA and third-party billing•Decrease in number of IT issues•Decrease in number of data breaches•Improve overall efficiency and productivity
•Track successful internal trends
•Decrease risk•Provide faster answers to auditors
•Achieve a high level of accountability
•Decrease risk•Keep an eye on third-party contractors
•Monitor internal privileged users
Security Compliance
OperationsBusiness
IntegratedApproach Integrated
Approach
![Page 11: ITSec - Proactive Security (for publication)...•Decrease risk •Provide faster answers to auditors •Achieve a high level of accountability •Decrease risk •Keep an eye on third-party](https://reader034.vdocument.in/reader034/viewer/2022050110/5f47eb9b661ef82c3826195a/html5/thumbnails/11.jpg)
11 Space Hellas - All Rights Reserved
Case Study Analysis
Strategy Roadmap Design Implement Operate Improve
ManageTransformAdvise
Enterprise StrategyEnterprise Strategy
Threat PostureThreat Posture
Enterprise Risk Appetite
Enterprise Risk Appetite
Regulatory ComplianceRegulatory Compliance
Risk Mitigation PlanRisk Mitigation Plan
Solution SelectionSolution Selection
Best PracticesBest Practices
Security ArchitectureSecurity Architecture
Security PoliciesSecurity Policies
Security ProceduresSecurity Procedures
Departmental Processes
Departmental Processes
Event CollectionEvent Collection
Network AnalysisNetwork Analysis
End Point Analysis & Protection
End Point Analysis & Protection
Security ProceduresSecurity Procedures
Live FeedLive Feed
Correlation RulesCorrelation Rules
Security ProceduresSecurity Procedures
DashboardsDashboards
Metrics DefinitionMetrics Definition
Risk Re‐EvaluationRisk Re‐Evaluation
Compliance StatusCompliance Status
TCO / ROSITCO / ROSI
TrainingsTrainings
![Page 12: ITSec - Proactive Security (for publication)...•Decrease risk •Provide faster answers to auditors •Achieve a high level of accountability •Decrease risk •Keep an eye on third-party](https://reader034.vdocument.in/reader034/viewer/2022050110/5f47eb9b661ef82c3826195a/html5/thumbnails/12.jpg)
12 Space Hellas - All Rights Reserved
Security Architecture Snapshot
![Page 13: ITSec - Proactive Security (for publication)...•Decrease risk •Provide faster answers to auditors •Achieve a high level of accountability •Decrease risk •Keep an eye on third-party](https://reader034.vdocument.in/reader034/viewer/2022050110/5f47eb9b661ef82c3826195a/html5/thumbnails/13.jpg)
13 Space Hellas - All Rights Reserved
Approach Benefits
Disrupt the adversarySecurity technology
Manage riskRisk & compliance
Reduce cost & complexityAdvisory & management
![Page 14: ITSec - Proactive Security (for publication)...•Decrease risk •Provide faster answers to auditors •Achieve a high level of accountability •Decrease risk •Keep an eye on third-party](https://reader034.vdocument.in/reader034/viewer/2022050110/5f47eb9b661ef82c3826195a/html5/thumbnails/14.jpg)
14 Space Hellas - All Rights Reserved
SPACE HELLAS at a glance
System Integrator. . Value‐Added Solution and Service Provider
Active in Telecommunications, IT and Security
30 Years of Operation and Growth
210 Specialized Employees•More than 300 Certifications . Accreditations
Turnover: € 43,1 million (2014)
Listed on the Athens Stock Exchange since 2000
Certified for Quality & Information Security Management•ISO 9001:2008 . ISO/IEC 27001:2013
•National . EU . NATO Secret
National & International Presence
•Space Hellas HQ situated in Athens•Branches in Athens, Thessaloniki, Patra, Heraklion Crete and Ioannina
•Subsidiaries in Cyprus, Romania, Serbia, Malta•Activities in Albania and the Middle East
Free floatAlpha Bank
16%~20% 64%
Major shareholders
![Page 15: ITSec - Proactive Security (for publication)...•Decrease risk •Provide faster answers to auditors •Achieve a high level of accountability •Decrease risk •Keep an eye on third-party](https://reader034.vdocument.in/reader034/viewer/2022050110/5f47eb9b661ef82c3826195a/html5/thumbnails/15.jpg)
15 Space Hellas - All Rights Reserved
Space Hellas Offering
Strategy Roadmap Design Implement Operate Improve
ManageTransformAdvise
Enterprise IS StrategyEnterprise IS Strategy Enterprise Information Security ArchitectureEnterprise Information Security Architecture
Enterprise Risk Management (ERM)Enterprise Risk Management (ERM)
Code ReviewCode Review
IT Security Review & AuditIT Security Review & Audit
Penetration TestingPenetration Testing
Vulnerability ManagementVulnerability Management
Business Continuity Strategy & PlanningBusiness Continuity Strategy & Planning
Gap Assessment & Review (ISO27000, ISO22301, PCI‐DSS)Gap Assessment & Review (ISO27000, ISO22301, PCI‐DSS)
Standards & Regulatory Compliance (ISO27000, ISO22301, PCI‐DSS, ΕΔΑΕ)Standards & Regulatory Compliance (ISO27000, ISO22301, PCI‐DSS, ΕΔΑΕ)
Web Application Security AssessmentWeb Application Security Assessment
ERP Application Assessment and Controls TestingERP Application Assessment and Controls Testing
SDLCSDLC
Information Security Awareness TrainingInformation Security Awareness Training
Threat ModellingThreat Modelling
Perimeter SecurityPerimeter Security
Remote accessRemote access
Endpoint securityEndpoint security
Content securityContent security
Log & Event management (SIEM)Log & Event management (SIEM)
Identity Management (IDM)Identity Management (IDM)
Data Leakage Prevention (DLP)Data Leakage Prevention (DLP)
Solutions
Services Offering
![Page 16: ITSec - Proactive Security (for publication)...•Decrease risk •Provide faster answers to auditors •Achieve a high level of accountability •Decrease risk •Keep an eye on third-party](https://reader034.vdocument.in/reader034/viewer/2022050110/5f47eb9b661ef82c3826195a/html5/thumbnails/16.jpg)
Space Hellas S.A. Telecommunications, IT, Security Systems and ServicesPrivate Enterprise for Provision of Security Services
312, Messogion Ave., Ag. Paraskevi, 153 41 Athens, Greece Tel. +30 210 6504100 | Fax +30 210 6516712 | www.space.gr | [email protected]
Panagiotis Kalantzis / Alexandros DetsikasInformation Security Consultant / Information Security Specialist
[email protected] / [email protected]
Tel: +30 210 6504220