webinar simeio palerra_feb2015_v4-2

Security Playbook: Setting Up a Game Plan

Upload: palerra

Post on 16-Jul-2015

TRANSCRIPT

Page 1: Webinar simeio palerra_feb2015_v4-2

Security Playbook:

Setting Up a Game Plan

Page 2: Webinar simeio palerra_feb2015_v4-2

The Presenters

Darren Calman

VP Business Development

Simeio Solutions

Upa Hazarika

Sr. Dir. Marketing & Strategy

Palerra

Page 3: Webinar simeio palerra_feb2015_v4-2

Webinar Overview

Simeio Solutions and Palerra discuss how to:

• Develop a layered defense strategy for today’s modern enterprise

• Proactively protect your enterprise applications along with your cloud footprint

• Detect and remediate incidents in the cloud

• Automate the workflow to ensure a gap-free security architecture

Page 4: Webinar simeio palerra_feb2015_v4-2

World’s Biggest Data Breaches

Page 5: Webinar simeio palerra_feb2015_v4-2

The new workforce. The new reality.

• 90% of workers in the US use personal smartphones for work purposes

• 10B personal mobile devices estimated to be in use in five years

• Gartner predicts that enterprise data will grow 650 percent in the next five years

Page 6: Webinar simeio palerra_feb2015_v4-2

Thousands of Applications

• The average enterprise has > 500 applications being used by their employees and customers

• Applications are being adopted directly by lines of business – not always going through IT

Page 7: Webinar simeio palerra_feb2015_v4-2

Technologies Exist….

Page 8: Webinar simeio palerra_feb2015_v4-2

.…but resources are scarce

• “…the demand for cybersecurity professionals began to overtake supply in 2007…”

• Processes aren’t always well documented

• Security configurations sometimes left at default parameters

» …or the application owner is not sure what impact a change in a configuration will have

• Monitoring?

Page 9: Webinar simeio palerra_feb2015_v4-2

Putting it all together….

Page 10: Webinar simeio palerra_feb2015_v4-2

Building a Security Playbook

Essential Plays:

1. Proactively protect your enterprise footprint with identity management

2. Continuous monitoring of security configurations

3. Automated analytics to detect or predict threats

4. Automated incident response

Page 11: Webinar simeio palerra_feb2015_v4-2

Play#1: Identity Management

Transform the way you view and manage identity in a changing world

• More easily meet privacy and compliance requirements

• Reduce cost and complexity

• Increase security

• Increase reliability and productivity

• Improve user satisfaction and self-sufficiency

• Respond more nimbly to rapidly-changing business demands

• Seize new business opportunities by collaborating with partners/suppliers

Page 12: Webinar simeio palerra_feb2015_v4-2

SECURITY PLAYBOOK /// FEB 2015

Play#2: Continuous Monitoring for the Cloud

Continuous monitoring is important to:

• Free up staff from labor-intensive manual monitoring methods

• Eliminate any human errors resulting from manual monitoring methods

• Maintain a compliant security posture by preventing configuration drift

Three parts to continuous monitoring:

1. The initial definition and setting of security configurations for a cloud service

2. Ongoing monitoring of these configurations

3. Reverting any changes in case of drift from the predefined configurations

Automation of monitoring is necessary for compliance

Page 13: Webinar simeio palerra_feb2015_v4-2

Example: Continuous Monitoring of Password Configurations

1. Define security configurations for Box and set the password requirements to include 2 numbers.

2. Automatic monitoring begins and detects that requirement was changed to 1 number.

3. Automatically revert the configuration to require 2 numbers.
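The define, monitor and revert loop from this slide, as an added example that is not part of the original deck or of any vendor's product. The setting names and the `FakeCloudService` class are constructed stand-ins for a cloud service's admin settings API, not Box's real interface.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Step 1: the approved baseline. Key names are illustrative assumptions.
BASELINE = {"password.min_numbers": 2, "password.min_length": 8}

@dataclass
class FakeCloudService:
    """Constructed in-memory stand-in for a service's admin settings API."""
    settings: dict

    def get_settings(self):
        return dict(self.settings)

    def set_setting(self, key, value):
        self.settings[key] = value

@dataclass
class DriftMonitor:
    service: FakeCloudService
    baseline: dict
    audit_log: list = field(default_factory=list)

    def detect(self):
        """Step 2: list (key, expected, actual) for settings that left the baseline.
        A setting missing from the service counts as drift (actual is None)."""
        current = self.service.get_settings()
        return [(k, want, current.get(k)) for k, want in self.baseline.items()
                if current.get(k) != want]

    def enforce(self):
        """Step 3: revert each drifted setting, re-read it to confirm, and log it."""
        drift = self.detect()
        for key, want, got in drift:
            self.service.set_setting(key, want)
            reverted = self.service.get_settings().get(key) == want
            self.audit_log.append({
                "time": datetime.now(timezone.utc).isoformat(),
                "setting": key, "expected": want, "found": got,
                "reverted": reverted,
            })
        return drift

def demo():
    svc = FakeCloudService(dict(BASELINE))
    monitor = DriftMonitor(svc, BASELINE)
    svc.set_setting("password.min_numbers", 1)  # the requirement is weakened
    found = monitor.enforce()
    return found, svc.get_settings(), monitor.audit_log

if __name__ == "__main__":
    print(demo())
```

Keeping the audit entry even when the revert succeeds matters: the change itself is a security event worth investigating, not only a setting to fix.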

Page 14: Webinar simeio palerra_feb2015_v4-2

Play#3: Threat Analytics for the Cloud

Challenges with performing threat analytics for cloud services:

• Static threat models cannot be applied to on-demand cloud infrastructure

• Non-uniform transparency across cloud providers for event logs and security metadata

• Consolidation of security data across SaaS, PaaS and IaaS is required for a holistic view

• Correlation of data across all cloud services is challenging due to the sheer volume of cloud usage

A combination of approaches to threat analytics is required:

• Detection: Define static rules and baselines to match known threats

• Prediction: Use data science and machine learning to discover unknown threats

Automation of threat detection and prediction is necessary to keep up with the rapidly evolving threat landscape

"Chase breach affects 76 million accounts, raises questions about detection failure" (SC Magazine, Oct 3, 2014)

Page 15: Webinar simeio palerra_feb2015_v4-2

Example: Detecting an Insider Threat in the Cloud

1. User downloads confidential files from Box

2. User uses Office 365 to email the files to a person at a competitor's email domain

3. Insider threat is automatically detected
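A static correlation rule for this scenario, as an added example that is not part of the original deck or of any vendor's product. The event schema, the competitor watch list, the 24-hour window and the sample events are all constructed assumptions; real Box and Office 365 audit logs would first need to be normalized into a common shape like this.

```python
from datetime import datetime, timedelta

COMPETITOR_DOMAINS = {"rival.example"}   # assumed watch list
WINDOW = timedelta(hours=24)             # assumed correlation window

# Constructed, already-normalized events from two services' audit logs.
EVENTS = [
    {"ts": "2015-02-10T09:00:00", "svc": "box", "user": "alice",
     "action": "download", "file": "pricing-2015.xlsx", "label": "confidential"},
    {"ts": "2015-02-10T09:20:00", "svc": "o365", "user": "alice",
     "action": "send_mail", "to": "pat@rival.example",
     "attachments": ["pricing-2015.xlsx"]},
    {"ts": "2015-02-10T10:00:00", "svc": "box", "user": "bob",
     "action": "download", "file": "roadmap.pdf", "label": "confidential"},
    {"ts": "2015-02-10T10:05:00", "svc": "o365", "user": "bob",
     "action": "send_mail", "to": "carol@partner.example",
     "attachments": ["roadmap.pdf"]},
    {"ts": "2015-02-13T08:00:00", "svc": "o365", "user": "dave",
     "action": "send_mail", "to": "x@rival.example",
     "attachments": ["lunch-menu.pdf"]},
]

def detect_insider_exfil(events, domains=COMPETITOR_DOMAINS, window=WINDOW):
    """Flag mail to a watched domain that attaches a confidential file the
    same user downloaded within `window` before sending."""
    downloads = {}  # (user, file) -> time of the latest confidential download
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["svc"] == "box" and ev["action"] == "download":
            if ev.get("label") == "confidential":
                downloads[(ev["user"], ev["file"])] = ts
        elif ev["svc"] == "o365" and ev["action"] == "send_mail":
            domain = ev["to"].rsplit("@", 1)[-1].lower()
            if domain not in domains:
                continue
            for name in ev["attachments"]:
                seen = downloads.get((ev["user"], name))
                if seen is not None and ts - seen <= window:
                    minutes = int((ts - seen).total_seconds() // 60)
                    alerts.append({"user": ev["user"], "file": name,
                                   "recipient_domain": domain,
                                   "minutes_after_download": minutes})
    return alerts

if __name__ == "__main__":
    print(detect_insider_exfil(EVENTS))
```

Matching on file name alone misses renamed or re-zipped files; a content hash carried in both logs, where the services expose one, is a stronger join key.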

Page 16: Webinar simeio palerra_feb2015_v4-2

Example: Predicting an APT

1. Monitoring detects large number of failed logins to Salesforce in combination with mass record deletes and transfers.

2. Advanced Persistent Threat (APT) is predicted.

Page 17: Webinar simeio palerra_feb2015_v4-2

Play#4: Incident Response for the Cloud

Comprehensive incident response entails:

• Logging: ensures that all incidents are tracked

• Remediation: ensures that all incidents are addressed

Two approaches to remediation:

• Changes are made directly to the cloud service

• Changes are made via integrations with existing IT investments

Automation of incident response is necessary to ensure that no incidents are lost in the shuffle

"Target did not respond to FireEye security alerts prior to breach, according to report" (SC Magazine, March 13, 2014)

Page 18: Webinar simeio palerra_feb2015_v4-2

Example: Automated Incident Response

1. Incident is automatically logged.

2. Incident is remediated:

a. By directly disabling the user’s account in the cloud service

b. Or, by integrating with an external tool which disables the user’s account

Page 19: Webinar simeio palerra_feb2015_v4-2

Meet LORIC™: The Cloud Security Automation Platform

• Continuous Monitoring: Continuously monitor and enforce security configurations to ensure compliance

• Threat Detection: Threat detection using security baselines, behavior patterns, and real-time threat intelligence feeds

• Predictive Analytics: Threat prediction using machine learning and modeling techniques to evaluate risks across hundreds of threat vectors

• Incident Response: Automated forensics, incident management, orchestration and remediation

SaaS platform with Public and Private Cloud Options - NO hardware, software or agents

Page 20: Webinar simeio palerra_feb2015_v4-2

Rest Easy with LORIC

Gap-free protection across SaaS, PaaS and IaaS

Cost savings resulting from automation of security lifecycle

Compliance through continuous monitoring and enforcement

Page 21: Webinar simeio palerra_feb2015_v4-2

About Palerra

• Automating threat detection to incident response for cloud services

• Launched in 2014

• Technology partners include Microsoft Office 365, AWS, Box, Salesforce and GitHub

• Solution provider partners include Simeio

• Cloud Security Alliance corporate member

Company

Investors

Accolades

• The 10 Coolest Security Startups Of 2014

• AlwaysOn Global 100 Companies to Watch

Page 22: Webinar simeio palerra_feb2015_v4-2

About Simeio Solutions

Leading Provider of IAM and IT Security Solutions

• Identity & Access Management / Governance

• IT Governance, Risk and Compliance

• Global Reach

Recognized by Leading Analysts

• Referenced in or co-authored dozens of publications

100s of Project Successes and over 17 Million Identities Managed

Page 23: Webinar simeio palerra_feb2015_v4-2

Resources

Simeio Customer Testimonials

https://www.simeiosolutions.com/home/testimonials.html

Simeio Additional Resources

https://www.simeiosolutions.com/home/resources.html

Palerra Evaluating Cloud Security Solutions Buyer’s Guide

https://palerra.com/locked_item/buyers-guide

www.palerra.com /// @palerrainc

www.simeiosolutions.com /// @simeio