Professional Documents
Culture Documents
Si Cyber Security
Si Cyber Security
Si is driven by a desire to offer our clients the highest degree of protection against todays cyber threats. We do this by delivering
the most customizable approach to security managed services available and by providing a highly tailored and responsive
approach for each client. We protect all IT assets including virtual assets, cloud and traditional infrastructure using our team of
over 150 dedicated security experts from our Security Operations Centres in London, New York, Dubai and Mumbai.
Established in 2003 with over a decade in Security and Cyber Security consulting and management services, our objective is
to place the power of our SOC team into our clients’ hands to provide complete visibility of security events and threats within
their environments. Our aim is to become an extension of our clients’ internal teams as a trusted partner.
CONTENTS
Why Us?
• Dedicated security specialist • Powered by industry best technology
Solutions & Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Professional Security Services . . . . . . . . . . . . . . . . . . . . . 24 • Global SOC’s across 4 continents • Powered by industry experts and analysts
Managed Security Services . . . . . . . . . . . . . . . . . . . . . . . . . 2 Vulnerability Assessments . . . . . . . . . . . . . . . . . . . . . . . . 26
Solutions & Services
Managed Firewall & Managed SIEM . . . . . . . . . . . . . . . . . 4 Penetration Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Si provides Managed Security and Professional Security Consulting services to thousands of end customers. Our delivery
Web Application Security Testing . . . . . . . . . . . . . . . . . . 28
SOC-in-a-Box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 model utilizes a cloud based information security and compliance solution, which requires no capital expenditure from our
Network Risk Assessments . . . . . . . . . . . . . . . . . . . . . . . . 29 clients and is accessible via a secure and innovative customer platform.
Assisted SOC Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Firewall Migration Services . . . . . . . . . . . . . . . . . . . . . . . . 30
Customer dashboards . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
OBJECTIVE
Network Architecture Review . . . . . . . . . . . . . . . . . . . . . 31
White Labeled Managed Services . . . . . . . . . . . . . . . . . . 12
BYOD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 Born out of a common vision... “we deliver to our clients the very best security services by using innovation,
Advanced Threat Protection and Malware Detection . 14 professionalism and our depth of expertise.“
Managed Honeypot Active Defense . . . . . . . . . . . . . . . 16 Compliance Consulting . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
ISMS - ISO 27001 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 We deliver on our promise to enhance our clients’ information security posture, lower their total cost of ownership and
Managed SCADA Security . . . . . . . . . . . . . . . . . . . . . . . . 17
demonstrate compliance through our managed security and professional services, day in, day out 24 x 7.
Continuous Threat Defense Service BCP & Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Professional Services
• Vulnerability management & testing
• Penetration testing
• Web application security
• Network risk assessment
• Device configuration & mitigation reviews
• Cyber forensics
• BYOD
Si enhances the operational efficiency of our clients’ information systems with our Managed Security Services. By optimizing
IT asset utilization, risk management and compliance we improve uptime and availability.
We design, build and operate security operation centres either onsite at our customers’ locations or in the cloud through our
network of security operation centres.
We have built and we operate security operation centres across London, New York, Dubai and Mumbai. This gives us a
proactive 360o view of global threats.
Services Description
monitor inbound and outbound network traffic to identify unusual Advanced Threat Management Supply and correlation of commercial threat feeds (e.g Norse).
activity or trends that could indicate attacks and the compromise Managed Vulnerability Management Vulnerability Management
Managing and monitoring security devices is a highly skilled operation that can be a time consuming and resource intensive Firewall / IDS / IPS / Network Devices / Server
process. Our managed security services allow our clients to focus on their core business while we concentrate on providing
secured networks and systems. Security Services Feature Set Monitor Manage
24x7 Proactive Security Incident Monitoring,
The service we offer is 24x7 and is scalable, compliant and cost effective. This service is designed for banking, government and
Detection & Notification
enterprise clients that wish to outsource SIEM services against strict SLA’s and compliance requirements.
Threat Management SIEM & Correlation
Security Policy Consultation
With over 20,000 devices under management, our cloud based service is secured across our redundant global SOCs and offers
Incident Management
a resilient and dependable service.
Maintain Device Inventory Database
Configuration Management
Summary Features Backup of Device Configuration
Availability Monitoring
Fault Detection & Notification
Advanced Event Correlation Fault Management
24 X 7 Security Monitoring In Country Log Retention Real Time Incident Response Fault Diagnosis & Resolution
Vendor Management
Maintain Documentation
Event Storage For ISO 270001, SANS 20 15 Minute SLA Response SIEM Powered Policy & Signature Configuration Changes
Forensic Analysis Compliance Reports Time By LogRhythm
Change Management OS Updates, Patches & Signatures
Maintain CMDB
Web Based Customer Policy & Signature Performance, Availability
Weekly Reports Operating System Upgrades
Dashboards Configuration Changes & Threat Management
Basic Reporting
Reporting
Advanced Reporting
What do we manage? Web Based Portal
Web Portal
Access to Threat Feeds
Servers & System OS, 120 days online log retention
Core Network Equipment Network Security Equipment Log Retention
Applications & Databases 12 months archival (Customisable)
Security Managed Servers (Windows,
Network Routers / Switches Managed Firewalls
Linux, Unix, ESX)
Global Security Operations Center. SOC
Applications Network Wireless LAN Managed Network IDS or IPS Co-location center All logs stay in country
TIER 3 D.C
Databases Network Load-Balancers / Accelerators Managed Network VPN Routers
VPN SECURE
Email Servers Managed Network AntiSpam / Proxys Customer Network
VPN SECURE
Managed UTMs
Managed firewall /
UTM / IDS
Managed server
Si recognises that many clients have a business demand to locate our Security Operations Centre on their premises SOC and Incident Response Processes
/ data centres. We offer a rapid deployment solution to enable our clients to become operational in a matter of
days including people, processes and technology components. At the heart of the SOC lies an industry leading SIEM Si’s team has been designing, operating and consulting on SOC deployments globally for over 10 years and a particular
(LogRhythm Security Analytics Platform) that is closely coupled with additional modules which may be added at the strength is our ability to develop and optimise SOC and Incident Response processes. Whilst this element is often overlooked
customer request to include full SOC functionality. we believe this is the single most important ingredient to consistent successes and predictable results. Our clients will benefit
from this experience when they partner with Si to deliver our SOC-in-a-Box offering.
Technology Elements
Our SOC-in-a-Box deployment represents an agnostic approach to the component architecture and provides the choice
of vendor to our customers from the following matrix. STEP 1 STEP 2 STEP 3
Select Technology Select Staffing Select Processes
Module 7: Continuous Threat Defence CyberFlow Anormalytics Suite - Anomaly Detection system
Service Delivery Architecture
The heart of an effective SOC operation is the quality of staffing together with
robust and tested SOC policies and processes. In all cases, a 24x7 SOC operation
is required to ensure a continuous level of monitoring and defence and whilst
this can be cost prohibitive for many organisations we offer three options to
achieve this objective.
Options: Staffing
Option 1: Remote 24x7 monitoring from our Global Security Operations Centre.
Option 2: Onsite 24x7 monitoring at our customer’s site location
Option 3: Hybrid – Onsite (8x5) team, offsite (evening shift, weekends and public holidays)
In all cases we ensure that all security logs stay onsite at the customers SOC
infrastructure.
Technology itself is not enough; an efficient SOC team requires a critical balance of people, process and technology. Si The adoption of “Assisted SOC” is motivated by three key messages: “Less Cost”, “Increased Performance” and “Service
partners with LogRhythm to empower our customers to and leverage their existing SIEM investments by providing a 24 Assurance (SLA)”. We demonstrate to our customers that we deliver SOC monitoring services better and for less than the cost
x 7 Monitoring service offering. of an in-house service.
What is Included?
Cost /mth of 24X7 Performance SLA Response
monitoring team + Skills level
Security Services Feature Set Monitor
24x7 Proactive Security Incident Monitoring, Detection & Notification Customer X: ? Result:
Expensive, no service
In house team 5 X £4,300 = £21,500 Difficult to achieve with Difficult to track and guarantee + performance
Threat Management SIEM Event Management & Correlation
in house team manage risk + staff risks
Security Policy Consultation
Result:
Maintain Device Inventory Database Si remote
Si dedicated security Less cost + better service
Configuration Management outsource team £4,500 15 minute response assurance
Backup of Device Configuration professionals
Availability Monitoring
Fault Management
Fault Detection & Notification Options
Change Management Maintain Documentation We recognize that not all businesses are the same and so we support the following deployment models:
• Onsite SOC Teams
Reporting Reporting
• Offsite Remote SOC Team (Remote Monitoring)
Web Based Portal
Web Portal
• Hybrid – Day Shift Onsite / Nightshift Offsite
Access to Threat Feeds
Service Management
Management and tracking of performance against service level agreements.
Customizable Dashboard
The customizable dashboard presents an overview of security incidents across the
enterprise. Key statistics of infrastructure areas that either require more attention or events
that provide a larger picture.
We provide a service that allows our Partners to re-sell our managed security services as a white labled service. Our process Customer Platform
& technology allow our Partners to deliver ‘in the cloud’ IT services, with no capital investment, to provide a world class, 24x7
managed security service. Si takes care of the technology and the expertise using our global operations centres allowing our Our partners benefit from our innovative Customer Platform that enables complete account management for reporting,
partners to take care of their customers’ security needs. ticketing, fault management, threat & vulnerability management, customized dashboards, news and knowledge base.
Our web user interface sets the benchmark globally for customer interfacing and allows both partners & end customers a live
Customised Platform 360o view of their assets, service fulfilment and SLA performance.
MSSP Services
Customisable dashboards
Service Architecture
Si defends our customer networks against threats by using a market leading Next Generation Intrusion Prevention
System and deep integration into our SIEM platform (Powered by LogRhythm) to provide multi-dimensional behavioural Si partners with leading Next Generation Firewall vendors (Palo Alto, Sourcefire or ThreatTrack) to incorporate their
analytics, extended visibility and continuous monitoring for real-time threat detection & response. advanced threat detection technology and sandboxing with our SIEM platform (Powered by LogRhythm) and correlates
it against other security devices and machine data throughout the IT environment.
The Next Generation Firewalls which we support or supply include:
• Palo Alto
• Cisco Sourcefire
• ThreatTrack
• Fortinet
Summary Features
The feature set summary is provided as follows: Service benefits:
• 24 x 7 monitoring & management • No Capex investment required
• Real time incident response system • Detect advanced malware and realize outbreak
• Advanced malware protection & next generation IPS extents for fast remediation
• Packet level forensics and sandboxing • Automated and immediate action against
• Network behaviour analysis threats such as APT and zero-day attacks
• Integration with our next Gen SIEM for behavioural analytics • Multi-dimensional behavioural analytics
• Behavioural whitelisting • 24 x 7 monitoring + real time event
• Statistical baselining contextualization
• Real-time threat management
• Continuous Compliance
• Host & network forensics
• Real-time contextual awareness
LogRhythm incorporates Next Gen FW security and advanced malware protection via the secure eStreamer API
and correlates it against other security device and machine logs to deliver multi-dimensional behavioral analytics,
extended visibility and continuous monitoring for real-time threat detection & response.
ADVANCED THREAT PROTECTION AND MALWARE DETECTION CYBER SECURITY | CAPABILITY STATEMENT | 15
MANAGED HONEYPOT ACTIVE DEFENSE MANAGED SCADA SECURITY
A honeypot is a security resource deliberately designed to be probed, attacked and compromised, for the purpose of gathering Today, remotely deployed field devices and SCADA systems are increasingly brought into the IT environment and communicate
intelligence around an attacker. By using honeypots to create better context around threats, we are able to provide a more over IP. This convergence of Operational Technology (OT) and Information Technology (IT) has opened up new points of attack
proactive defence posture. Our automated and integrated approach to honeypots eliminates the need for the manual review or “threat vectors” for hackers.
and maintenance associated with traditional honeypot deployments.
Si has countered this threat by providing SCADA firewall technology which is integrated into our SIEM (Powered by
LogRhythm) for 24x7 monitoring, threat and incident detection.
The customer will interface with the MSSP SOC team via the customer portal where he will have customer access to:
• SLA Tracking
• Ticketing & troubleshooting
• Threat Management Dashboards
• Knowledge Based for Incident Response and analytics
MANAGED HONEYPOT ACTIVE DEFENSE | MANAGED SCADA SECURITY CYBER SECURITY | CAPABILITY STATEMENT | 17
CONTINUOUS THREAT DEFENSE SERVICE
MACHINE LEARNT BEHAVIOURAL ANOMALYTICS
Si partners with Cyberflow AnalyticsTM to provide a service that detects operational anomalies within packet communication Service Architecture
behaviour to determine high risk activities and threats. The system is the only system that can provide “Anomalytics”, a
real-time, streaming, machine-learning, behavioural analytics solution, which can instantly detect and alert operational and 4. We correlate the
1. Deploy a virtual 2. Execute multiple,
security practitioners of anomalous and suspicious activities within their organizations. real-time anomaly
machine network, app real-time analytical 3. Cross-correlate
threat detection and
and device sensors that models to construct the maps against a
This system and service uses Anomalytics to provide real-time cyber-security threat detection at scale and in situations where alerts through our
monitor systems to self-organizing maps behavioural policy
SIEM to drive rapid
traditional security products are failing to adequately identify and detect advanced polymorphic attacks and other anomalous feed the “Anomalytics which present high risk framework.
incident response and
lateral behaviour within their organizations. Fusion Engine”. behaviour.
forensics.
CONTINUOUS THREAT DEFENSE SERVICE | MACHINE LEARNT BEHAVIOURAL ANOMALYTICS CYBER SECURITY | CAPABILITY STATEMENT | 19
BENEFITS OF ENGAGING AN MSS PROVIDER
“The cost of a managed security service is typically less “MSSPs can also enhance security simply because of the “It is difficult for an in-house team to track and address The MSSP service can report near real-time results,
than hiring in-house, full-time security experts.” facilities they offer.” (DeJesus, 2001). These are physically all potential threats and vulnerabilities as well as attack 24 hours a day, 7 days a week, and 365 days a year,
(Wilbanks, 2001). hardened sites with state-of-the-art infrastructure patterns, intruder tools, and best security practices.” (Alner guaranteed against an SLA. This is a large contrast with
managed by trained personnel. 2001, Navarro 2001) an in-house service that may only operate during normal
Staffing Whereas …. business hours.
Objectivity and Independence An MSSP is often able to obtain advance warning of new
“A shortage of qualified information security personnel vulnerabilities and gain early access to information on Service Security and Technology
puts tremendous pressure on IT departments to recruit, An MSSP can provide an independent and objective countermeasures.
train, compensate, and retain critical staff.” (Hulme, 2001) perspective on the security posture of an organization. An “Service security solutions and technologies such as
in-house team often can not be objective and certainly is firewalls, intrusion detection systems (IDSs), virtual private
An MSSP transfers this responsibility. In addition, “if a not independent. networks (VPNs) and vulnerability assessment tools are far
client organization can outsource repetitive security SLA more effective because they are managed and monitored
monitoring and protection functions, then they can focus 15 Minute by skilled security professionals.” (Wilbanks, 2001)
internal resources on more critical business initiatives” Alert-High
(Pescatore 2001). Priority events
94%
27% Initial Cost
Skills Recurring Savings Security
Annual Save Awareness
“MSSPs have insight into security situations based on
Service
extensive experience, dealing with hundreds or thousands
of potentially threatening situations every day, and are
some of the most aggressive and strenuous users of
Cost
security software.” (Navarro 2001 & DeJesus 2001)
Facilities
360O View Skills
Of Global
Threats Independence
20%
Technology
We Are
But 80%
Built For Big
Interpretation
Data
Si has been running a Computer Security Incident Response Team (CSIRT) for many years. Through the development of our CSIRT skills & experience
own SOC and our clients’ SOCs our staff are some of the most qualified and experienced incident response engineers in the
market place. Si follows the best industry standards and guidelines for Our CSIRT engineers are highly experienced and maintain a
incident response. tool kit of skills including:
Si CSIRT LAB • Vulnerability management
The increasing sophistication and impact of malware • Penetration testing
Through the development of our own SOC, our CSIRT lab The security incident management team attacks emphasises the need for companies to retain the • Botnets
comprises an extensive library of incident case files that activities include: services of a professional CSIRT team. • Sandbox
are key for supporting analysis and mitigation measures. • Honeypot
The very fact that Si has SOCs around the world, gives our Rapid Response CSIRT Services • Forensic analysis
CSIRT teams a unique insight into a wide range of threats
and risks, enabling us to react faster to such incidents. Each Incident Response
member of the team has access not only to the labs, but to Why hire a professional CSIRT?
this global resource. Reverse Engineering/Analysis
The inability of companies to prepare for possible cyber-attacks from incredibly resourceful criminals is one of the most
Advanced Threat Alerting
CSIRT Services pressing issues facing global chief executives. The increasing sophistication of attacks, which render even the most technology
Forensics savvy organizations vulnerable, mean that few organizations have the means to employ staff with the ability to respond
We offer our professional services to enterprise, telecom effectively. We offer an incident response service that allows our customers’ organizations to benefit from our skills and
and government organisations on a cost effective basis. Malware Analysis experience.
The available options for procuring these services include:
• Staff secondment Assessments & Audits
• Retainer leased rapid response teams
• Remote CSIRT teams
Script Development
Firs rfare
wa
t m att
Ne ack
Hij
ww
ajo ack
Fas w wi
r cy
no
ave
t fl de s
ber
ux pr
of
0-D w co
DN ead
DLL
no
Email Information
S
ay mm
Crc usi
p2p
Request
thr on
Malware Sophistication
com s a
ctc edia,
eat pla
M
Incident
usi Twit
ms uto
Other
s
Analyze Obtain Contact
Resolution
n
Report
ng ter
Information
Triage Flame - the most
ove DDO
Crc P & H
Soc &
HT
sophisticated
ce
r
com TTP
ctc ndar
Malware yet!
ial FB
sta
com d IR
ms
Coordinate
Crc ndar
Provide Technical
S
The rise in nation
sta
information
Assistance
IDS
ove
& Response
m
com d IR
S
state Malware!
s o port
r
Vulnerability
ms C po
ver s
C
Report
ove rt
Hotline/Helpdesk
non
Call Center
r
Mydoom & Sasser
Record for
CSIRT
Figure Incident
5: CERT/CC Handling
Incident Life
Handling LifeCycle
Cycle Most damage!
98 99 00 01 02 03 04 05 06 07 08 09 10 11 12 13
Our delivery model is based on industry best practices and technologies that are aligned to our clients’ IT infrastructure and
business processes. Our services create a foundation that enables our clients to address key risk management and compliance
challenges.
Vulnerability Assessments
Penetration Testing
Web Application
Security Testing
Si’s Vulnerability Assessment (VA) service provides our clients with the ability to identify and mitigate security gaps associated Interconnected corporate networks of partners, clients, remote offices, wireless LANs, vendors and the Internet have created
with their IT assets, thereby enhancing their overall security posture. multiple avenues for an attacker to target companies. Organisations face greater risks to customer data, intellectual property
and financial records.
Our assessments meet the mandatory compliance requirements and provide a proactive measure to stay one step ahead of
threats. CIOs and CFOs must have a clear understanding of risks and vulnerabilities to protect their organizations from external
attacks.
Our Vulnerability Assessment provides:
• O n-demand proactive vulnerability management for Features include: Our Penetration Testing services enable our
organisations clients to:
• Visibility, awareness and consistency of our clients’ Executive summaries (jargon-free, true executive-level summaries) • Identify existing and potential vulnerabilities and
organisations risks from external attacks
Priority matrixes, indicating remediation priorities and risks
• Tracks asset ownership, pinpoints rogue devices and • Utilise experienced security analysts with the
views detailed asset discovery and profile reporting Detailed impact analysis of the identified vulnerabilities specialized skills and tools needed to mitigate client
• Reduces investment in tools and technology Findings and recommendations to improve security postures risk
• Comprehensive remediation solutions • Conduct testing in a safe and controlled environment
Knowledge transfer to client’s IT teams
• Complete remediation procedures to mitigate without compromising routine business activities
identified vulnerabilities • Reduce investment associated with employing full
time security analysts, tools and technologies
Features include: • Integrate with an overall risk management solution
to address the audit requirements of policy and
A robust policy template to enable security compliance frameworks such as ISO 27001, SOX,
configuration compliance
HIPPA, PCI etc
Compliance-based reports
(PCI, HIPPA, GLBA, FISMA and SOX)
IMPACT REPORTS
VULNERABILITY VULNERABILITY PENETRATION
ANALYSIS DATA Detailed
IDENTIFICATION ANALYSIS EXPLOITATION
Extent of CORRELATION Findings,
Locating Known Filtering & Confirming
Business impact MITIGATION Management
& Unknown Confirming of Existing
due to Vulnerability STRATEGIES Report Executive
Vulnerabilities Attack Methods Vulnerabilities
Exploitation Summary
IT applications allow our clients to directly access personal and confidential information, encouraging a self-driven model and A thorough evaluation of network security posture is mandatory to enable our clients to answer the following fundamental
decreasing costs. questions:
• What is their enterprise security strategy? And what Our Network Risk Assessment includes:
Critical business functions are dependent on the successful functioning of IT applications. There is an exponential increase in can be done to protect it in a better way? • A Security Policy Audit – evaluating security policies
vulnerabilities found in Web Applications creating a significant impact on our clients’ enterprises and the privacy of the end • Where are the weaknesses in their security policies based on availability, business continuity and
users. Business losses can include loss of data, public image and loss of confidence. and architecture? compliance requirements; it also establishes key risk
• How can they make security data actionable and factors and security metrics
Our Web Application Security Testing allows our get timely compliance reports to address audit • A Technical Security Evaluation – analyzing the
clients to: requirements? security architecture in the context of security
• Get instant feedback and catch hidden bugs before Features include: • How much does an effective risk management policies and control objectives to uncover
launch solution cost? vulnerabilities
• C reate higher quality applications as they are tested Identification of technical and logical vulnerabilities • A Threat Management Assessment – examining
by certified QA experts such as SQL injection, cross-site scripting, I/O data Features include: threat identification, investigation and incident
validation, exception management etc.
• Deploy applications faster by testing throughout the response processes
development process Ability to determine remediation steps Comprehensive documentation and • Disaster Recovery & Business Continuity Planning
• Use global testing coverage by testing across and counter-measures presentation of findings – to ensure that plans for returning systems to
operating systems, browsers, languages and more operational standards are in place
Detailed technical information report covering the A prioritised list of remediation steps
• Allow our clients to gain a better understanding of
nature of the defect, the code locations, impact of
potential website vulnerabilities that may be visible Practical recommendations focusing on both the risk
defect and the remediation solutions
from the Internet and cost associated with it
With no inside information We receive basic information about We receive complete information,
about the application.. design & function of the Web app. coding, infra, architecture.
WEB APPLICATION SECURITY TESTING | NETWORK RISK ASSESSMENTS CYBER SECURITY | CAPABILITY STATEMENT | 29
FIREWALL MIGRATION SERVICES NETWORK ARCHITECTURE REVIEW
Firewall technology longevity typically spans from between 5-7 years and upgrades are often initiated by growing Si utilises its vast experience and knowledge to act as professional assessors with respect to the security architecture of our
organizations and changing security requirements. A firewall is an item of critical network security infrastructure and any clients’ networks.
change in technology is fraught with risks to business continuity.
Our consultants analyze every key aspect of the architecture including:
Si’s professional services team can assist organizations from applying a standard methodology to executing a firewall • Logical and physical design
migration. Each migration project deployed is unique and represents a different set of challenges, the key to our success is to • Security technology inventory
treat each case with the same level of care and professionalism. • Asset inventory
• Outbound and inbound connectivity
Firewall Migration Road Map • Security procedures and processes
• Network topology
• Network and host access controls
Baseline Assessment Requirements Planning Migrate
• Log-in procedures and authentication requirements
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 • Business continuity plans
FW Architecture FW Health Check FW Policy & FW Module & Protection Migration Config Migration Cut Over
Assessment & Performance Review Compliance Review Level Assessment & Validate & Monitoring • Containment and incident response procedures
Analysis of: Review of: Review violation of: Review of the protection level Lab Based Configuration & On site:
• Health of security controls
- Firewall logs - Hard disk capacity and usage - Corporate policy, achievable with current Validation. prior to roll out and - Traffic migrated from old to
- VPN’s and CPU memory usage - Industry standards and best Architecture. cut over. new
- Installed software / patch level - Network interface… practices - Troubleshoot
- Bugs fixed in new versions • ..throughput - FW Rules & Optimisation Recommend upgrades and - Monitor
- Utilisation of hardware • ..capacity additional modules - Handover & training
components • ..availability • e determine security strategies and support our clients’ business objectives
W
- Analysis of logs, errors and
syslog • We implement policies where required and we establish new policies should they be required
- Firewall config
• We put in place effective risk mitigation and regulatory compliance
• We analyse, manage and report
Case Study: Firewall Migration – Fortune 500 Financial Services Institution (2012) • We review existing policies and frameworks and make recommendations where necessary
• We audit existing policies for example ISO 27001/PCI to ensure compliance
What are the facts? • Our aim is to set out a road map detailing short, medium and long term goals
• $ 1.1 Million firewall migration project for this client The client decided to change their technology following a
generates fast payback for customer history of frequent McAfee Sidewinder platform crashes
• The client is an IT managed services provider serving that negatively impacted their end customer satisfaction. Si
over 11,000 community-based banks, credit unions, began by performing a proof-of-concept project to migrate For each key area, and for the infrastructure as a whole, Si consultants identify and document the following 4 Steps:
and insurance agencies. This engagement calls for one firewall in our lab before the full scale roll out.
migrating 45 McAfee Sidewinder firewalls to Cisco
Step 1: Step 2: Step 4:
ASA firewalls Step 3:
Current state A vision for Recommendations
A Gap analysis
What did we learn? assessment a future state for closing gaps
The client recovered the cost of the firewall migration project through lower cost of operations, reduced security risks, more
efficient administrative and maintenance processes, and ultimately a more satisfied customer base.
FIREWALL MIGRATION SERVICES | NETWORK ARCHITECTURE REVIEW CYBER SECURITY | CAPABILITY STATEMENT | 31
BRING YOUR OWN DEVICE (BYOD)
When an organization is considering implementing a BYOD policy they will generally be asking; what sort of Mobile Device
Data waiver
Management will need to be implemented? What systems must employees have mobile access to? What level of security will
Personal and business data can be easily mixed on
need to be implemented? Security personal devices, so employers need to protect
themselves if it goes wrong. If the device is lost or
With sensitive information being
stolen, employers may need to destroy all data –
Si provides consulting services to deliver the right solution to enable our clients to manage and secure both their networks transmitted, security is top of the list.
employees should sign a waiver agreeing to this
Allowing BYOD doesn't mean sacrificing
and also how to control the use of mobile applications on personal devices across their network. before being allowed to use their own device.
security. IT must establish WiFi security,
VPN access and ideally add-on software
to protect against malware.
Manage the Network Manage the Mobile Device
Your network needs to be Support the secure Set policies around what Develop specific Control access to the Control access to
able to cope with the connection of devices, devices to connect to the stipulations to govern the camera, application documents and data
influx of personal devices whether they are network, and what use of the new stores, Internet browser, shared over the mobile
connecting to it. connecting from inside or network areas they have technologies such as YouTube, and explicit device.
outside the office. access to. smartphones and tablets. content.
Secure & Manage the Network with ISE Secure & Manage Mobile Devices with
Identification
If a wide range of users and
Si has pioneered the implementation of BYOD management Si partners with MobileIron who offer the platform to devices are to be allowed access
through collaboration with Cisco ISE and are selected as manage mobile apps for business users. The MobileIron to the network, it is critical to
identify and authenticate each
1 of only 10 worldwide delivery partners. The technology platform provides both the tightest security and best device and user.
allows: end-user experience for the distribution, delivery and
Management
• Consistent enforcement of context-based policies management of mobile applications, docs and devices for
The IT department needs to
across wired and wireless networks global organizations. select a mobile device
• System-wide visibility showing who and what is on management system. Look
out for one that offers
the network - wired, wireless, or VPN simple user interfaces as
• Accurate device identification using ISE-based well as the security features
you need.
probes, embedded device sensors, active endpoint
scanning
• Greater visibility and control of the endpoint with
Mobile Device Management solution integration*
App security
Some applications could compromise the security of
your business data, so you'll need an application
System wipe control system in place to prevent blacklisted apps
The "bullet". Your IT department needs to be able to being downloaded once the device is hooked up to
wipe the system if it believes its security has been your network.
compromised.
Services include:
• C ompliance consulting, implementation and
management
• Compliance certification readiness audits
• Business continuity planning (BCP)
• Security awareness and ITIL training
• Compliance services covering:
All it took was a small number of employee log-in details to be - ISO 27001:2005
- ISO 20000
compromised for hackers to obtain the entire customer database. As - BS 25999
- ITIL
a result 128 million people – equivalent to twice the population of - COBIT
- HIPAA
Britain – had to change their passwords! - PCI DSS
- SAS 70
The eBay Hack, May 2014 - SOX
INFORMATION SECURITY MANAGEMENT SYSTEM - ISO 27001 BUSINESS CONTINUITY PLANNING (BCP) & MANAGEMENT
Objectives & policies Risk treatment plan Monitor, review & refine Documentation Business Impact Analysis (BIA) Disaster Recovery Design Crisis Command Team call-out
Crisis Management -
Gap analysis Implement controls Management review Verification Threat & Risk Analysis (TRA) Technical Swing Test Verify - Tech solutions
Command Structure
Risk assessment Training & awareness Certification Impact Assessment IT Failover Plan IT Applications Test Verify – Recovery Procedures
INFORMATION SECURITY MANAGEMENT SYSTEM - ISO 27001 | BUSINESS CONTINUITY PLANNING & MANAGEMENT CYBER SECURITY | CAPABILITY STATEMENT | 37
PCI COMPLIANCE & PAYMENT CARD INDUSTRY SECURITY COMPLIANCE & SECURITY SKILLS TRAINING
Si offers a full range of PCI Compliance Consulting services to satisfy the requirements of the Payment Card Industry Data To enhance our compliance consulting services in the field of ISO 27001, Business continuity Management (BS 25999) and ITIL
Security Standards (PCI DSS) compliance. Si is a PCI Approved Scanning Vendor (ASV). we offer courses to enable our clients to take ownership of their compliance needs.
Our courses are delivered with a combination of inhouse trainers and experienced consultants from the UK.
What is PCI DSS? Information Security Programme
Course Name Duration Course Owner
The PCI Data Security Standard (DSS) was developed by In itself PCI does not address an organization’s information
the PCI Security Standards Council, and is enforced by the security and as such we recommend in addition to the 1. Implementation and Audit – ISMS-ISO 27001 2 Days Si & Partner
payment card issuers. It is designed to protect consumers requirements of PCI compliance a strong framework should
and businesses, and to encourage the global adoption of be established to provide a strong information security 2. Implementation and Audit – ITSM-ISO 20000 2 Days Si & Partner
consistent data security measures. The PCI DSS comprises environment. By focusing on a broader security program,
12 broad requirements which organizations must meet to organizations can mitigate potential data security breaches 3. Implementation and Audit – BCMS- ISO 22301 2 Days Si & Partner
maintain compliance. and cyber security attacks, which will lead to better service
to customers and increased profitability. 4. Internal Auditor - ISO 27001 2 Days Si & Partner
PCI DSS compliance requires any organization that
transmits, processes, or stores data that contains payment 5. Business Impact Analysis 2 Days Si & Partner
card information to protect the privacy and confidentiality
of that data. In addition to retailers, the PCI DSS standards 6. ISO 27005 2 Days Si & Partner
affect financial institutions, healthcare providers,
transportation service providers, the food and hospitality 7. Network Security Assessment 2 Days Si & Partner
industry, and payment service providers, among many
others. 8. Application Security Assessment 2 Days Si & Partner
PCI COMPLIANCE & PAYMENT CARD INDUSTRY SECURITY | COMPLIANCE & SECURITY SKILLS TRAINING CYBER SECURITY | CAPABILITY STATEMENT | 39
CONTACT US GLOBAL SECURITY OPERATION CENTRES
London, UK
UK New York
New Jersey,
USA
www.siconsult.co.uk
info@siconsult.com