IT Security Management
The aim of IT Security Management is to protect the data and services on which the information is based, in accordance with the value they represent for the company with regard to confidentiality, integrity and availability.
Comprehensive security solutions that can be adapted to deal with the complex threats and business needs have become indispensable in the modern business landscape. If you want to stay one step ahead of external and internal attacks, you need quick response times, continuous monitoring and the ability to identify and actively respond to known, unknown and complex threats.
Where do the challenges lie?
In recent years, the subject of IT security has compelled many IT managers to act quickly in order to avert detrimental consequences. Numerous attacks (botnets, malware, Trojans, ransomware and phishing attacks) constantly place company data under threat. This means that businesses have to be more vigilant than ever, as any attack on company data can result in high economic losses.
Armed against more cyber attacks
The number of cyber attacks has risen enormously. Gone are the days of the amateur; nowadays professional groups are at work. They work collaboratively, divide up the tasks, and constantly use new paths of attack. Companies can no longer cope with cyber threats of this scale on their own. Such threats can stem from a variety of sources, for example: out-of-date software with vulnerabilities, unpatched systems or carelessness when dealing with new technologies, such as the Internet of Things (IoT). Cyber attacks are becoming increasingly sophisticated and can bypass conventional forms of protection using methods such as botnets, drive-by exploits or Advanced Persistent Threats.
What is being done about it
Various studies have shown that although companies are becoming increasingly aware of security threats to their IT, they in fact do very little to prevent them. No matter what size the company is, the effort devoted to IT security cannot be limited to simply setting up and maintaining a firewall. This kind of traditional security measure only provides a preventive function. Successful attacks must be expected even in well-secured IT systems. Every day there are new variants and procedures that ultimately have only one goal: to undermine and break through existing security measures. IT Security Management therefore comprises not just Prevention but also Detection and Response, and is treated as one continuous process.
Benefits of IT Security Management
Our complete solutions
Round-the-clock security monitoring and risk detection
Operate YOUR own Security Operations Center (SOC) with YOUR team based on the RADAR Platform, or leave the entire setup and operation to us through our Managed Security Services. YOU decide and cannot go wrong, because switching between the two operating models, in either direction, can be done later without difficulty using the same technology should the need arise.
In any case, we support you in all phases, from planning and implementation through to integration into your organisation and continuous improvement, whether you want to set up security services or expand them.
The RadarPlatform is the centrepiece, allowing a deployment tailored to your needs. Constant updates, integrated threat intelligence and ongoing improvements are included. From big data analysis to customised reports in the Risk & Security Cockpit and alerting, everything is always state of the art and follows the proven RadarServices scheme of detection and assessment, including the Advanced Correlation Engine.
In addition, we support you with our SOC Empowerment Services: we adapt the platform to your specific needs, conduct training for your SOC team and, together with you, establish the processes and best practices that suit your organisation. The goal is always in view: maximum effectiveness in Detection & Response. Our experience is always available to you.
The benefits of Cyber Security Detection & Response are
Correlation, cross-correlation and aggregation of events from Security Information & Event Management (SIEM) and logging, Network-based Intrusion Detection (NIDS), Host-based Intrusion Detection Systems (HIDS), Vulnerability Management and Assessment (VAS), Software Compliance (SOCO) and Advanced Threat Detection (Email & Web / ATD).
Customer-specific requirements are mapped to detection scenarios.
Privileged Account Management
Nowadays, companies invest significant resources in building an infrastructure that ensures the business continues to run uninterrupted and in compliance with legal regulations. A typical IT environment consists of hundreds or even thousands of servers, databases and network devices that are all controlled and managed through identities with far-reaching privileges. These include, for example, accounts such as root on Unix/Linux, Administrator on Windows, Cisco Enable, Oracle system/sys, MSSQL SA and SAPall. Yet it is precisely these super-user accounts that are often neglected: their session activity is difficult to track, and their passwords are rarely changed or not changed at all.
In certain cases, it is not just internal members of staff who need these identities, but also external partners. That is why the access data must be reliably protected by means of secure remote access and secure session initialisation. In many cases, passwords are also embedded in applications, scripts and configuration data; these are never changed and are completely exposed to prying eyes. Understandably, this results in significant risks for businesses.
Privileged accounts pose the biggest security vulnerability that organisations face today. If privileged accounts end up in the hands of external attackers or malicious insiders, they can be used to take control of an organisation's IT infrastructure, disable the security controls, steal confidential information, commit financial fraud and cause significant disruption to operations. Almost all data security breaches stem from stolen or abused privileged login credentials. Given this growing threat, organisations need control systems that proactively protect them from current cyber attacks and detect and respond to such attacks before any of their critical systems or sensitive data are affected.
To prevent the misuse of privileged accounts and to protect their valuable resources, companies have to:
Is the risk underestimated?
A recent study on the security of user accounts reveals that over 80% of all large companies either do not know or seriously underestimate the risks associated with privileged user accounts. 30% of those questioned from these companies believe the number of privileged user accounts in their respective company to be fewer than 250. But in a business that employs 5,000 people, this number can easily be assumed to be five to ten times greater. The study also showed that more than one third of those asked did not know where to find the privileged user accounts in their company.
As the number of threats has increased, the regulatory requirements for checking and monitoring privileged user accounts have also been tightened. Companies that do not fully understand their own user account structure cannot expect to pass the relevant audits, and failure ultimately results in substantial fines. In addition to this, there is the risk of data leaks.
Access Rights Management
Monitoring and controlling who can access what data!
Authorisations regulate who can and cannot do what in the IT landscape. An important component of comprehensive data protection is ensuring that only people with the corresponding authorisation can access the respective data. Since authorisation structures have often grown over time and become very complex, many companies no longer have a suitable overview of who is authorised to do what, and why.
The challenges of Access Rights Management
Why choose Access Rights Management
- Transparency: minimise risks (protect essential company information)
- Efficiency: efficient distribution of rights (automated and more efficient process in the IT department)
- Responsibility: data owner (involving the individuals responsible)
- Security: BSI measures (as a building block for certified security)
- IDM integration (authorisation situation in the company structure)
- Audit-compliant reports (for auditors, data protection auditors and data owners)
We pursue the following objectives with the introduction of a solution for the management of users and permissions in the Microsoft environment (AD):
- Knowledge and data are secured as the company’s greatest capital
- The requirements of the BSI Basic Protection and ISO 27001 can be met
- The ability to monitor security-based activities in the company network
- Access Rights Management becomes a standardised and efficient process
- IT becomes more agile and can respond more quickly to your needs
- Restoring control on permissions and accesses.
Vulnerability Management
Vulnerability Management refers to the process that aims to make companies or organisations less vulnerable to attacks and to minimise security incidents that are critical to the business.
How secure and compliant really is your network?
Skimming from company servers, credit card fraud, violation of privacy policies or complete operational failure: vulnerabilities, the weak points within the IT infrastructure, give unauthorised individuals repeated access to sensitive data. They are extremely attractive targets for cyber criminals, allowing them to penetrate a company's IT infrastructure and wreak havoc once they are in.
Vulnerability Management, abbreviated as VM, is the regulated and continuous use of specialised security tools and workflows that actively help with the identification and elimination of security-based risks.
The aims of Vulnerability Management are to:
Most companies use simple tools for VM, and some even use free products. With these isolated solutions, security messages need to be scoured manually for hours on end, and many of them turn out to be false alarms. But it is not just this accumulation of false-positive alerts that gives the Security Manager a headache; the software versions of these "self-made solutions" also need to be constantly updated by hand.
With the Tripwire IP 360 solution, Genesis provides a fully advanced, fully integrated and automated Vulnerability and Compliance Audit solution.
SIEM & Log Management
The area of IT security has changed considerably over recent years. The intensive use of Internet infrastructures represents a security risk for important business applications and services – not just in the operational area! Recently companies have had to face completely new scenarios triggered by the growing integration of business processes and connection of external partners to previously closed IT systems. The legal and regulatory framework has also been tightened considerably at the same time.
A SIEM (Security Information & Event Management system) that is precisely tailored to the security needs of the company needs to be implemented for the company to be able to detect attacks on the IT infrastructure and respond to them properly. In addition, Compliance Reporting, which provides proof that the legal and regulatory framework is being complied with, is an important input to IT security risk management.
But there is a problem: thousands of events are generated and vast quantities of data have to be individually analysed every day within IT security. It is almost impossible to separate the wheat from the chaff. Yet since all the events, data and information generated by the security components are of importance, they have to be assessed and correlated with other data and information in order to reveal their true significance. This process is extremely time-consuming, prone to errors and costly.
Why choose SIEM
What does a SIEM solution consist of?
Central Monitoring Platform
Collecting all the log and event data and alarms from the various components (firewalls, IDS, servers, routers, etc.) on a central log platform. The log and event data are converted into a uniform format (normalisation) and data that is not required is filtered out (aggregation).
Real-time Threat Analysis
The data and/or events are correlated in real time using different methods (impact-based, statistical and rule-based correlation). This reduces the number of false positives and false alarms and keeps the focus on the relevant and important events.
Investigation and Countermeasures
Any potential threat that is identified is then investigated and the necessary measures are taken to eradicate it (installation of a software patch, adjusting the IDS or firewall systems).
Reporting and Audit
Real-time and historical reports on security events can be generated and used for audit/compliance checks (ISO 27000/001/002/003, GDPR, PCI, HIPAA, FINMA).
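As an added illustration of the normalisation, aggregation and rule-based correlation stages described above (example code written for this page, not part of any product mentioned here), the following Python script parses constructed sshd and firewall lines into one uniform schema, collapses duplicates into counted records, and raises an alert when repeated failed logins from one source are followed by a success. The log formats, field names and the threshold of three failures are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in two native formats (not real logs); timestamps
# are kept as source strings here, a real SIEM would normalise them too.
RAW_LOGS = [
    ("sshd", "Mar 10 08:00:01 web01 sshd[911]: Failed password for admin from 203.0.113.7 port 5001"),
    ("sshd", "Mar 10 08:00:03 web01 sshd[911]: Failed password for admin from 203.0.113.7 port 5002"),
    ("sshd", "Mar 10 08:00:05 web01 sshd[911]: Failed password for admin from 203.0.113.7 port 5003"),
    ("sshd", "Mar 10 08:00:09 web01 sshd[911]: Accepted password for admin from 203.0.113.7 port 5004"),
    ("fw",   "2024-03-10T08:00:02Z fw01 action=DENY src=198.51.100.9 dst=10.0.0.5 dport=445"),
    ("fw",   "2024-03-10T08:00:02Z fw01 action=DENY src=198.51.100.9 dst=10.0.0.5 dport=445"),
    ("sshd", "Mar 10 08:01:00 web01 sshd[912]: Accepted password for alice from 10.0.0.20 port 5005"),
]

SSH_RE = re.compile(r"(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: "
                    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>[\d.]+)")
FW_RE = re.compile(r"(?P<ts>\S+) (?P<host>\S+) action=(?P<action>\w+) src=(?P<src>[\d.]+) "
                   r"dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)")

def normalise(source, line):
    """Normalisation: map a source-specific line onto one uniform event schema."""
    if source == "sshd" and (m := SSH_RE.match(line)):
        return {"ts": m["ts"], "host": m["host"], "src": m["src"], "user": m["user"],
                "action": "login", "outcome": "fail" if m["result"] == "Failed" else "success"}
    if source == "fw" and (m := FW_RE.match(line)):
        return {"ts": m["ts"], "host": m["host"], "src": m["src"], "user": None,
                "action": "connect:" + m["dport"], "outcome": m["action"].lower()}
    return None  # unparsed lines are dropped; a real SIEM would count and report them

def aggregate(events):
    """Aggregation: collapse identical (src, action, outcome) events into one counted record."""
    return Counter((e["src"], e["action"], e["outcome"]) for e in events)

def correlate(events, threshold=3):
    """Rule-based correlation: >= threshold failed logins from one source, then a success."""
    alerts, fails = [], defaultdict(int)
    for e in events:  # assumes login events arrive in chronological order per source
        if e["action"] != "login":
            continue
        if e["outcome"] == "fail":
            fails[e["src"]] += 1
        elif fails[e["src"]] >= threshold:
            alerts.append({"rule": "brute_force_then_success", "src": e["src"],
                           "user": e["user"], "failures": fails[e["src"]]})
    return alerts

def run_pipeline(raw=RAW_LOGS):
    """Run the three stages; returns (aggregated counts, alerts)."""
    events = [ev for src, line in raw if (ev := normalise(src, line)) is not None]
    return aggregate(events), correlate(events)
```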