Sourcefire Customer Case Study
Nokia Siemens Networks: Creating Actionable Security Intelligence for Global IT Infrastructures
Tim Larson
Agenda
▸ Introduction of Case Study
▸ Business Problem
▸ Formula for Success
▸ Integration of Global Processes, Virtual Organizations, & Technology
▸ Benefits of Sourcefire Deployment
▸ Summary of Results
Introduction to Case Study
Nokia Siemens Networks' environment
▸ Company: Leading provider of mobile phone network gear, employing 65,000 people in over 120 countries.
▸ Network: Large-scale manufacturing systems with vendor and customer access, supported by numerous service provider organizations.
Key Point: This case study addresses the fact that in today's world, it's no longer only about what resources (people, process, products, partners) you possess; it's about Knowing How to make the best use of them.
Analyst comments:
● The point is well-taken, according to Craig Roth, an analyst with Gartner Inc.'s Burton Group division and author of the recent report, "Building a Business Case for Collaboration Initiatives." As the business environment becomes more competitive, more global, and more cost-sensitive and responsive, the need for technologies that support collaboration is increasing.
● For many CIOs, breaking down information silos — and forcing cooperation — is the innovation that will lead to more innovation. The Vanguard Group is convinced that the social collaboration and communication tools her IT team is implementing and supporting will dramatically change corporate culture in concrete ways, such as compensation, as well as in ways we cannot even imagine.
▸ What is the change in the world that has brought this issue to the forefront? Virtualization within the global enterprise. Utilizing multiple vendors and technologies, internal and external.
▸ What are the regulatory concerns?
● International Data Privacy laws relevant to local jurisdictions
● Involvement of Corp Sec., HR, Legal
● Communication with Workers' Council members
● Handling of sensitive information – transferring data to a SOC located outside the EU
▸ What is the scope of the problem (The NEED)?
● No commercial tools for leveraging investment in security products like log management, vulnerability management, and intrusion management with upstream and downstream internal asset information systems.
● Creating Actionable Security Intelligence in a virtual global IT environment.
▸ What exactly were you trying to resolve (The NEED)?
Optimizing business processes around the consolidation of information from multiple systems while ensuring that high-priority incidents are worked based on risk factor (security severity and asset classification).
▸ How did you approach the problem?
Discovering and changing processes, assessing and implementing technologies, and convincing management to address the problem in parallel with the technology deployment plan. TIG and SIG teams.
▸ Formula for Success = 25% technology deployment + 50% process integration + 25% overcoming internal resistance to collaboration.
[Diagram: six data centers (Data Center 1–6), each with an SMC]
Discover, Build, Promote Collaboration.
Version updated August 5, 2008
Integration of Log Mgmt into the Incident Handling Process
[Flowchart with swimlanes for MSSP, SOC/CERT and Service Providers (SP1, SP2, SP3, SP4). MSSP/SOC monitoring & alerting raises a possible incident, which is checked as a valid NSN incident; other sources of incident information reach the SOC/CERT duty officer. Level 4–5 events: create MSSP ticket, incident handling verification & analysis, create OTRS ticket, inform NSN CERT, case assigned to CERT & MSSP, create SP ticket, incident handling remediation, remediation verification, loop while more SP remediation is needed, approve to close SP ticket, incident handling counter measure, with MSSP/OTRS/SP tickets updated along the way. Level 1–3 events: MSSP portal report, system designer review/update of MP/Std Conf, check whether the vulnerability is in MP/SC, define new controls in MP/Std Config, implementation; on a Std Conf mismatch, update the OTRS ticket.]
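The risk-based prioritisation the deck describes (IDS severity combined with asset classification, with vulnerability data confirming what is actionable, Level 4–5 events going to the MSSP/OTRS/CERT ticket path and Level 1–3 events to system designer review) can be sketched as a small triage routine. This is an added example, not NSN's or Sourcefire's code; the three feeds, their field names, the weights and the placeholder CVE id are constructed assumptions.

```python
"""Added example: risk-based triage across three feeds (IDS alerts, vulnerability
scan results, asset classification). Feeds, field names, weights and the
placeholder CVE id are constructed assumptions, not NSN/Sourcefire data."""

# Constructed asset classification feed: destination IP -> asset record.
ASSET_INVENTORY = {
    "10.0.1.10": {"name": "erp-db-01", "classification": "business-critical"},
    "10.0.2.20": {"name": "build-05", "classification": "internal"},
}
# Constructed vulnerability management feed: IP -> CVE ids confirmed by scan.
VULN_SCAN = {"10.0.1.10": {"CVE-EXAMPLE-0001"}, "10.0.2.20": set()}
# Constructed intrusion management feed; 192.0.2.7 is not a known asset.
IDS_ALERTS = [
    {"dst": "10.0.1.10", "sig": "exploit attempt", "cve": "CVE-EXAMPLE-0001", "severity": 2},
    {"dst": "10.0.2.20", "sig": "exploit attempt", "cve": "CVE-EXAMPLE-0001", "severity": 2},
    {"dst": "192.0.2.7", "sig": "port scan", "cve": None, "severity": 1},
]
# Assumed weight added to the IDS severity for each asset classification.
CLASS_WEIGHT = {"business-critical": 2, "internal": 1, "lab": 0}


def risk_level(alert):
    """Return (level 1-5, asset name); level None = not a valid NSN incident."""
    asset = ASSET_INVENTORY.get(alert["dst"])
    if asset is None:          # unknown destination: nothing of ours to protect
        return None, None
    level = alert["severity"] + CLASS_WEIGHT[asset["classification"]]
    # Scanner confirms the targeted CVE on this host, so the alert is
    # actionable: raise it one level (the vuln/intrusion correlation step).
    if alert["cve"] and alert["cve"] in VULN_SCAN.get(alert["dst"], set()):
        level += 1
    return max(1, min(level, 5)), asset["name"]


def route(alert):
    """Map an alert onto the case study's two handling paths."""
    level, name = risk_level(alert)
    if level is None:
        return {"action": "discard", "reason": "destination not in asset inventory"}
    if level >= 4:  # Level 4-5: incident path (MSSP ticket, OTRS ticket, CERT)
        action = "create MSSP ticket, create OTRS ticket, inform NSN CERT"
    else:           # Level 1-3: review path via MP / Std Conf
        action = "system designer review of MP / Std Conf"
    return {"action": action, "level": level, "asset": name}


def triage(alerts):
    """Return routed alerts, highest risk first, so priority work comes first."""
    routed = [route(a) for a in alerts if risk_level(a)[0] is not None]
    return sorted(routed, key=lambda r: r["level"], reverse=True)
```

Note that the same exploit signature lands on both paths depending only on the asset record and the scan result, which is the point of joining the feeds rather than acting on IDS severity alone.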
Benefits of Solution
● Leveraged prior investments in technology
● Provide Actionable Intelligence into the organization by de-stove-piping data feeds
● NOC-SOC-Stakeholder collaboration
● Developed a common understanding with SP'ers
● SOC visibility into Integrity of Service Providers
● Increased Productivity of Stakeholders
● Decreased MTTR to Risks
Security: a "clean-slate" Technology Deployment that drives Risk Mgmt
[Diagram components: Vulnerability Management, Vulnerability Information Service, Intrusion Management, Log Management]
▸ What was the final result?
Utilized commercial security technology solutions and developed a flexible, modular solution for automating Risk Management.
▸ How did it work out?
An automated, integrated approach to IT Security which benefits the client by:
● Integrated solution: People, Processes and Technologies
● Enabled organization to reduce IT Operational costs
● Reduced risks to Business Critical Assets
● Increased CERT and Service Provider effectiveness and efficiency
● Facilitated a risk-based plan for remediation and escalation management
● Provided a more cost-effective and timely solution
▸ How much time did it take?
Six months (POC > Pilot > Production)
▸ Stakeholder feedback?
● “All is better as the approach is a really good solution”
Summary of Results
Business Drivers and Challenges for IT Security Risk Management
● Allow more partners/collaborators into the network
● Move security closer to the Business Applications
▸ Can I identify abnormal access to applications?