network security assessment - kastechssg.com
TRANSCRIPT
vCompliance Assessment/Design for PCI
Services• PCI Gap Analysis• Card Holder Data Flow Centric • Network architecture assessment• Review device configurations• Implement access control
• Network Access Control• Host Access Control• Build Defence in Depth
architecture
Benefits• Control PCI-DSS Cost• Reduce Control Complexity
vFirewall Optimization Service
Kastech can optimize firewall rules to improve firewall performance!
Service FeaturesSupported Platforms Customer Benefits
• Rule & Object Cleanup
• Rule Tuning
• Rule Reordering
• Rule Risk Assessment
• Rule Compliance
• Cisco
• Juniper
• Fortinet
• Check Point
• McAfee
• Palo Alto
• Improved firewall performance
• No investment in tools/technology required
• Experienced firewall experts are reviewing firewall rules
• Extension of in-house team and skills
• Free up IT Staff to focus on strategic business needs
vSecurity Infrastructure and Monitoring
Router
MPLSPrivate BackbonePeering Stats
ContentDistributionNetworks
Partners &Suppliers
Back-EndMiddle Tier
AkamaiDigital Island (C&W)
DMZ
Firewall FirewallNetwork IDS Network IDS
Host IDS
Cisco3COMLucentNortelJuniper
F5ResonateCiscoNortelFoundry
InktomiPersistenceF5, Cisco
ApacheIISNetscapeiPlanet
ATG DynamoBroadVisionBEA WebLogicIBM WebSphereiPlanet App Svr
OracleMicrosoft SQLInformixSybase
NDSiPlanetNetscapeMicrosoft
TIBCOMQ SeriesVitriaWebMethodsSeeBeyondMSMQ
SiebelSAPBaanPeopleSoft
App. Log
vEnterprise Security Monitoring Process
Collect
Normalize
Aggregate
Correlate
Prepare Identity
Firewalls / IDS
Remote
Access
Corporate
Assets
Anti-Virus
Priority
Complexity
Severity
Normal or
False Positive
Known:
Malicious
Suspicious
Collect &
Correlate
Incident TrackingInitial Analysis
Security Architects
Monitoring
Team
Vulnerability
Scanners
Define
Manage
Audit
Securit
y
Policy
Audit/Compliance Team
Filter
Intruder
Activity
Target
Analyst Team
Threat Analysis
Target Profile
Business Value
SLA
Impact Analysis
Risk
Vulnerability
Vulnerability
Assessment
Architecture and
Configuration
Respond
Notification
Recommendation
Auto-Containment
Incident Response Team
Reporting
Policy Changes
Remediation
Remediation Team
Knowledge Base
Containment
Incident
Profiles
Threat
Profiles
Forensics
Rules
Best
Practices
Threat
Templates
Incident
Cases
Logs
Security Data Base
Asset
Profiles
Known
Vulnerabilities
vBehavioral based authentication
Authentication Hub
LOA
Advanced AnalyticsRisk Score API
Dynamic LOA API
BackendAnalytics
& Risk Engine
Prevent @ Inception
RT Push+TouchIDiWatch & Sign Out
Wearables + T/HapticSpatiotemporal +
Real-Time (RT)Authorization
SWIPE +Contextual
SWIPE + TAPAdvanced Contextual
Cognitive & Device Biometrics
FIDO UAF 1.0
FIDO 2.0When Available
DecentralizedAuthentication
• Binary authentication is obsolete
• Behavioral-based model is key
• Innovation applied to the interface
vBehavioral based authentication
• One framework
• Multiple authentication tools
• Change controls without changing applications
• Across mobile and web
• Policy-driven authentication model
vPrivilege user management & privilege activity management?
Reduce the number of privilege users1
3Implement data analytic techniques to determine behavioral patterns
2 Provide context to monitoring
Levelof access
Ability to modify
Access
Activity
Alerts
0 250 500 1000750
Non-PersonIDs
PersonIDs
Active
Removed
v
Suresh KatamreddyPhone: +1 210 859 [email protected]
Sri PatibandlaPhone: +1 832 651 4843
Sridhar KoneruPhone: +91 9949144599
Pradeep MPhone: 040 6515 6363
USA INDIA