Viewtrust Continuous Security, Risk and Compliance Management


1 Viewtrust Continuous Security, Risk and Compliance Management

2 What is Viewtrust?
Comprehensive Approach to Risk and Compliance Management

Viewtrust provides continuous proactive monitoring of risks across enterprise cloud and non-cloud environments to address cyber, compliance and IT operational risks.

Diagram labels: Cyber Risk, Compliance Risk, IT Operational Risk, VIEWTRUST

Virtustream Viewtrust™ is a risk management and continuous compliance monitoring solution that provides organizations with a near real-time view of their entire compliance posture, showing when critical configuration standard guideline parameters have fallen outside predefined threshold values.

Cyber Risk: External sources and threats, like vulnerabilities and configuration issues.

Compliance Risk: Meeting (or not meeting) the compliance requirements you document and certify against. Secure does not equate to compliant… Non-compliant systems can be taken (forced) offline with significant impact to the business and its mission.

IT Operational Risk: The prospect of loss resulting from inadequate or failed procedures, systems or policies. Employee errors. Systems failures. Fraud or other criminal activity. Any event that disrupts business processes.

3 Cloud and Data Center Agnostic
Diagram labels: Application Managed Services; Infrastructure Managed Services; xStream Cloud Management Platform; Hybrid Cloud; Viewtrust; Private Cloud; Virtustream Enterprise Cloud; Enterprise Data Center; Virtustream Storage Cloud; ON PREMISES; OFF PREMISES

4 Compliance Management Continuous Monitoring
Customer Challenges

Compliance Management: Difficulty in fostering collaboration to prepare audit packages. Inability to control compliance maintenance costs.

Risk Management: Problems managing asset location and identification. Difficulty understanding mission risk impacts.

Continuous Monitoring: Difficulty monitoring evolving threats. Inability to produce trending logic from multiple data feeds.

The world of enterprise information security, risk management, and regulatory compliance continues to grow more complex, virtualized, and distributed. Organizations must continuously monitor an increasingly diverse and complex landscape of systems to address information and network security, operational risk, and regulatory compliance needs to meet auditing and compliance requirements. Additionally, organizations need to proactively protect their systems and customers from ever-increasing and evolving cyber threats.

Challenge 1: Compliance
Achieving and maintaining regulatory and industry compliance is a complex and time-consuming challenge. Viewtrust gives compliance teams a way to manage the compliance process through its data collection and reporting processes. By comparing collected information to an organization’s compliance requirements, Viewtrust can alert the compliance team when the organization’s environment falls out of compliance. And Viewtrust’s reporting functions help streamline the process of preparing for an audit because the information from the IT assets has already been collected.

Challenge 2: Risk Management
Let’s say your CIO asks you: “I’ve read that there is an attack on our industry. What is our exposure? What is our risk posture?” Risk management is a tedious task requiring an understanding of the location and type of all assets that comprise the IT environment. Additionally, it’s difficult to understand how risk will ultimately impact the mission and the elements that make up that risk.

Challenge 3: Continuous Monitoring
Because the only constant is change, do we know how we are managing our risk posture across the past, present, and future? Organizations struggle to monitor an evolving set of threats. In addition, organizations often find it difficult to produce usable trending logic based on multiple feeds from different systems.

5 How Viewtrust Addresses Customer Challenges
Risk Management and Continuous Compliance Monitoring

Compliance Management: Reduces effort, cost associated with maintaining compliance. Enables efficient, collaborative, and consistent audit practice. Builds and uses a knowledgebase for continuous data analytics.

Risk Management: Uses standards-based framework for proactive risk management. Automates risk analysis based on predefined threat/impact values. Identifies and prioritizes mitigation based on business impact analysis.

Continuous Monitoring: Performs ongoing risk monitoring with increasing volumes of data. Provides a 360 degree view of each asset within the enterprise.

Now let’s look at how Viewtrust addresses customer challenges. Viewtrust provides risk management and compliance monitoring, empowering IT leaders to adopt a proactive, holistic ERM strategy.

Compliance Management: Viewtrust reduces the time, effort, and cost associated with achieving and maintaining regulatory and industry compliance. Viewtrust gives compliance teams a way to manage the compliance process through its data collection and reporting processes. By comparing collected information to an organization’s compliance requirements, Viewtrust can alert the compliance team when the organization’s environment falls out of compliance. And Viewtrust’s reporting functions help streamline the process of preparing for an audit because the information from the IT assets has already been collected.

Risk Management: By comparing organizational assets against publicly known security vulnerabilities (known as Common Vulnerabilities and Exposures, or CVE) from the National Vulnerability Database, Viewtrust can identify and automatically kick off the remediation process for a vulnerability in the environment, resulting in minimal impact on systems and business functions.

Continuous Monitoring: Viewtrust’s data collection and analysis capabilities allow organizations to reevaluate risk and compliance on an ongoing basis. The tools of various security teams exist in silos, for example endpoint security, authentication, and data loss prevention. Through its data collection processes, Viewtrust breaks down these silos of information and allows clients to gain a holistic view of their risk exposure by displaying these risks and exposures in a single dashboard.

6 Viewtrust Operational Deployment Model
Diagram labels: Collector(s); Quantitative risk and compliance analysis; Enterprise risk and compliance reporting; Holistic dashboards; Host Scanner; Configuration Manager; Vulnerability Scanner; Asset; VM; Physical Node; Sensor -n; Sensors; IT System Assets; SQL; Security Package

Tiered deployment of collectors
Centralized analysis engine with SQL data warehouse
Customized service provider and tenant dashboards

7 Risk Management Framework (RMF)
Assessment and Authorization (A&A) Process

Multiple processes broken down into six distinct steps as defined by the National Institute of Standards and Technology (NIST) Risk Management Framework

Diagram labels: 1 Categorize Information System; 2 Select Security Controls; 3 Implement Security Controls; 4 Assess Security Controls; 5 Authorize Information System; 6 Monitor Security Controls; Security Package

The Assessment and Authorization (or A&A) process is made up of multiple processes, which in Viewtrust have been broken down into six distinct steps. These steps have been defined by the National Institute of Standards and Technology Risk Management Framework (or NIST RMF). Within Viewtrust the user is presented with different wizards that walk them through the six-step process, as follows:

Step 1: Categorize
Categorize the system and the information processed, stored, and transmitted by that system based on an impact analysis.

Step 2: Select
Select an initial set of baseline security controls for the system based on the security categorization, tailoring and supplementing the security control baseline as needed based on organization assessment of risk and local conditions.

Step 3: Implement
Implement the security controls and document how the controls are deployed within the system and environment of operation.

Step 4: Assess
Assess the security controls using appropriate procedures to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.

Step 5: Authorize
Authorize system operation based upon a determination of the risk to organizational operations and assets, individuals, other organizations and the Nation resulting from the operation of the system and the decision that this risk is acceptable.

Step 6: Monitor
Monitor and assess selected security controls in the system on an ongoing basis, including assessing security control effectiveness, documenting changes to the system or environment of operation, conducting security impact analyses of the associated changes, and reporting the security state of the system to appropriate organizational officials.

8 Enterprise Risk and Compliance Reporting
Viewtrust reports:
Designed and formatted to align with industry requirements
Can be published for the enterprise or for subdivisions using the same data
Available on demand

The information Viewtrust collects and analyzes provides the basis for customer reporting. Viewtrust provides templates that are designed and formatted to align with industry requirements for auditing and compliance and can be configured to client specifications. Reports can be published for the entire application or for a specific group from within the same cut of data. Reports can also be scheduled or requested on-demand.

9 Integration with DISA eMASS
Automated Publication of Supporting Compliance Information

Integration with U.S. Defense Information Systems Agency (DISA) Enterprise Mission Assurance Support Service (eMASS) application
Enables automated publication of compliance statements, assessments, artifacts

Out of the box, Viewtrust integrates directly with DISA’s eMASS application, enabling Information Assurance (IA) teams to utilize key features and components. These features enable automated publication of compliance statements, assessments, artifacts and Plan of Action and Milestones (POA&M) into eMASS. Viewtrust automation significantly reduces the time spent completing steps three and four of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).

10 360-Degree Asset Risk View

11 360-Degree Vulnerability Risk View

12 Compliance View

13 Better Cost Efficiency Integrated Management Platform
Value Proposition
Automated, Continuous Risk and Compliance Management

Better Cost Efficiency; Integrated Management Platform; Increased Visibility; True Enterprise-Wide View

Automates compliance, risk management and monitoring activities
Provides single customer view into enterprise risk, governance and compliance
Offers comprehensive, agnostic insight across physical, cloud and hybrid environments
Improves system security through proactive monitoring and targeting

The value proposition for Viewtrust is grounded in the benefits that automated, continuous risk and compliance management can yield. Viewtrust provides better cost efficiency by automating compliance, risk management and monitoring activities. Viewtrust acts as an integrated management platform, providing customers with a single customer view into enterprise risk, governance and compliance. Viewtrust increases visibility into risk and compliance, orchestrating a true 360° enterprise risk view by integrating reporting data from virtually any collection of existing systems, empowering enterprises with a comprehensive insight into their risk and compliance posture. And lastly, Viewtrust provides a true enterprise-wide view of risk and compliance by integrating information from across physical and cloud environments whether private, public, hybrid or community clouds.

14

15 Automated Risk and Compliance Management
Provides 360 degree view of IT risk
Collaborative and workflow-driven platform
Ingests data from multiple sources
Automates compliance, risk management and report generation
Resides on-premises and/or in cloud

Viewtrust transforms the compliance effort into a paperless process that centralizes and expedites the development of A&A documentation packages and improves on the traditional, manual process which can be prone to high error rates and inherent operational delays.

Provides a 360-degree unified view of enterprise IT risk on a single dashboard with the ability to drill down from top-level organization to asset
Collaborative and workflow-driven platform for compliance automation and documentation
Ingests data from multiple sources to provide a single view of an environment
Automates compliance and risk management for enterprises and public, private or hybrid clouds
Automates generation of audit and compliance documentation

