Enfo siem säkerhetsdagen_2013
- 1. Enfo Sweden AB SIEM “Data security with business benefits” Pekka Hagström
- 2. “Sony Makes it Official: PlayStation Network Hacked” “Sony PlayStation network hacked again ...” “New York Times hacked” “New York Times hacked for Four Months Straight” “Wall Street Journal says it has also been hacked” “Google kills Iranian blog with 3 million hacked bank accounts” “Försvaret, TT, SJ, Swedbank och SEB utsatta för ’denial of service” ”Praktikanten läste ex-pojkvännens journal” Datainspektionen - Samtliga landsting bryter mot lagen! 40.000 anställda i (Stockholm) landsting har åtkomst till dina journaler
- 3. SIEM as a solution Security information management: “Analysis and reporting for compliance and forensic” Security event management: “Immediate reaction to threats detected by real-time tracking” SIEM based business intelligence: “Support business decision-making with usage information”
- 5. Then, HIPAA compliance in reality? ”Tidigare var det sekretess runt varje förvaltning i vården. Nu råder i stället sekretess i hela landstinget. Tystnadsplikten mot allmänheten är fortfarande lika sträng men internt har den öppnats upp. Med öppenheten följer också konsekvenser för patientens integritet. Om en patient till exempel anförtrott sexuella övergrepp till en doktor finns numera möjlighet för andra landstingsanställda att ta del av anteckningar”
- 6. Threat management DETECT REACT
- 7. More professional threats … Source: IBM “Executive guide to security intelligence” January 2013
- 8. Top 5 security threats for 2013* 1. Cyber (in)security 2. Supply chain security 3. Big data 4. Data security in the cloud 5. Consumerization – securing consumer devices * Source: The Information Security Forum
- 9. Is the ‘detection’ out-sourced?? Source: Verizon Risk Team, “2012 Data breach investigations report”
- 10. Advanced tools are available!
- 12. Case: Optimize IT infrastructure Monitor / Upgrade? 120% 90% 80% 100% 70% 60% Berlin 50% 80% 40% London 30% Peak load 60% Copenhagen 20% Average load 10% 40% Stockholm 0% Helsinki 20% 0% 1 2 3 4 5 6 7 Application server utilization graph Consolidate servers?
- 13. How to proceed?
- 14. Enfo SIEM service layers Project SIEM consultancy services based Audit reports, GAP-analysis, ICT security strategy SIEM requirements , specifications and configurations SIEM monitoring & analysis services Service based Ongoing security and compliance monitoring Ongoing SIEM business intelligence services SIEM Hosting services Platform-services for SIEM software & databases Fault tolerance- and back-up services
- 15. Further information & contact • Pekka Hagström, Senior Consultant Telephone: +46 70-971 93 63 E-mail: pekka.hagström@enfo.se • Claes Dagnell, Business Area manager Telephone: +46 70-6021689 E-mail: claes.dagnell@enfo.se • Peter Selemark, Sales manager Telephone: +46 73-365 77 98 E-mail: peter.selemark@enfo.se • Peter Lörincz, CEO Telephone: +46 736-840866 E-mail: peter.lorincz@enfo.se