Criticality of Monitoring in Digital World Ananth Kumar Mysore Subbarao 24 July 2016 presentation at 19 th Conference of ISACA Bangalore © 2016

Table of Contents ■IT before and after Y2K ■Risk to Data ■User Behaviour ■Monitoring.. Just a formality?? ■Typical Monitoring ■Challenges in SME ■Solution.. ISMC ■Advantages ■Case Studies ■Something to think about.. for future

IT before Y2K  IT department was known as EDP  Behind a closed doors  Servers and EDP operators hosted together  Printer in a secure room  Any data is moved out mainly as print out  Floppy only mobile storage  No remote access to Data  Software's like WordStar, Lotus and dBase used  Storage space was in few hundred MB  Network access is restricted  No Internet or WAN

IT after Y2K  IT part of every day life  Not everything behind close doors  Servers located in data center 1000s of miles away  Printer access at every nook and corner  Data access in Air, sea and Land  Terabytes on thumb size mobile storage  Data is always accessed remotely  Variety of software including cloud based  Everything is networked  Internet.. No boundaries

Risk to Data HackersInternal ThreatsLack of Awareness Cloud Storage Lack of security of mobile Devices Espionage Ever Changing Threat Landscape

User Behaviour  Need Data Access 24 / 7  End device controls very weak (especially smart or mobile devices)  Security awareness is just another activity  Working for remote locations (less secure areas)  Security controls are always meant to be for others…  Security.. What is that ?? That is not my responsibility..!!!

Monitoring.. Just a formality  Clients / auditors ask for it.. so do some logging  Default setting on devices  Physical and Technology are independent no correlation  Check logs only when there is a incident  More worried about avaliabity of server rather than data movement  User access logging not done since they need large storage space  Advanced tools used but no training of resources

Traditional Monitoring CCTV Access Control User Access Network Monitoring Independent systems not interconnected

Challenges in SME  Security requirements are high  User awareness issues  Management focus on security is distributed  Budget are low  Security team is multi tasked

Solution.. ISMC Integrated Security Monitoring Center

Advantages  Correlated View of security controls  Better control over User access and Behavior  Proactive measure to prevent any incidents  Centralized data asset monitoring  Meets International Security standards requirements  Better Management oversight

Information Lost to Competitor One of the manufacturing company lost several key market sensitive information to competitor When incident was investigated it was found one of the employee’s who was serving his notice period had stayed back in office after all this colleagues had left for the day. He printed out several documents and carried with him to his new job Could ISMC have prevent it? Yes, provide the access control logs and system access logs were integrated and review in real time

Potential Information theft prevented An Alert Security Guard found a camera phone with an employee who was coming out of a secure work area When the employee was investigated it was found, he was come on every weekend to office to take pictures of a confidential process document. Could ISMC have prevent it? Yes, provide the access control logs and system access logs were integrated and reviewed in real time

Administrator had unauthorized remote access to servers During a routine walk of system administrator bay one of the managers found a monitor had not screen locked and cursor was moving. That system was assigned to an administrator who was not in office that day. Manager enquired with other system administrators. It was found that system administrator had installed an unauthorized remote login software and was accessing that system from home. This particular system had server farm access. ISMC was a solution in this case as well. This would have helped in real time reconciliation of physical access to system logs

Something to think about..  Management will continue to see security as non-revenue generation  Security budgets are shrinking  New technologies available but very expensive  We do lots of certification for personal growth.. Learning should be put to practical use  C.I.A and P.P.T need to be integrated for better results  Expectations from security professional will continue to increase.. Need to find “out of box” solutions

THANK YOU om