Transcription
Vulnerability ManagementJune 2018Risk Advisory
Vulnerability ManagementContentsA Better Way To Manage Vulnerabilities4Business Challenge6Vulnerability Management as a Service7Robust Service Architecture8Our Differentiators9Vulnerability Management Services Catalog10Contacts Us1403
Vulnerability ManagementA Better Way ToManage VulnerabilitiesMore Business. New Challenges.The digital revolution is driving businessinnovation and growth but it’s alsoexposing us to new and emerging threats.Exciting technological innovations bringfantastic opportunities to: Increase integration of business elementsin the environment; Drive efficiencies and optimum ways ofconducting business; and Initiate cost effective technologicalimplementations.Together with opportunity, it also bringsthe following risks: Increase in size and complexity ofenvironment More exposure to cyber attacks thanever before Data pilferage and security breachleading to loss of sensitive information04Vulnerability Management is a maturedoutcome of an early day practice ofvulnerability assessment. Today’s threatlandscape is unimaginably different, withthousands of new vulnerabilities reportedannually and the growing complexity ofthe organization’s environment. Verizon’sData Breach Incident Report of 2016shows an increasing trend in the numberof vulnerabilities identified and its exploits.The sheer volume of launched attacksdemands best-in-class vulnerabilitymanagement solutions that delivercomprehensive discovery to support theentire vulnerability management lifecycle.
Vulnerability ThnologyTecYourBusinesst ileAnalyticsHactivitiesSharedServicesInsiders05
Vulnerability ManagementIt is imperative for any organization to implement an effective VulnerabilityManagement to safeguard against attacks and threats in the environment. Aneffective way of handling sucha requirement is to go with a Managed Service methodology, which provides themost comprehensive solution.BusinessChallengeDo you have criticalbusiness applications?Is it a regulated marketbound by compliancerequirements?Is the companyenvironment gettingcomplex day by day?Do you store or processsensitive data?Is your organisationroutinely targeted andface attempts of attack?Are theremultiple platforms andtechnologies used?SolutionDeloitte's Cyber Risk Managed Services forVulnerability Management is the key to thisbusiness challenge. It offers the followingadvantages: Effective management of vulnerabilitiesassociated with critical Infrastructurecomponents. Ability to manage increase in scale andcomplexity of the environment.06 Meet regulatory compliancerequirements such as HIPAA, andSOX etc. Integration of Vulnerability Managementwith other security services such as SIEMand Threat Intelligence. Deep dive analysis of vulnerabilities alongwith correlation of threats and events.
Vulnerability ManagementVulnerabilityManagementas a ServiceDeloitte leverage its Cyber Intelligence Centre (CIC) platform to deliverdifferentiated vulnerability management services. It integrates advanced securitycapability with industry insight to provide application and infrastructure securityand offers a broad approach to vulnerability management that goes well beyondsecurity testing.End to End SupportUnlike traditional vulnerabilitymanagement program, we o end-to-end support right from theinitiation of scan till remediation.This helps e ectively address thevulnerabilities through a managedapproach.24 x 7 CoverageDeloitte’s CIC provides round-theclock support for our customers.This is critical while handling majorvulnerability outbreaks such asPOODLE and Shellshock. A swiftresponse is imminent in such ascenario.False Positive AnalysisFalse positives play an importantrole to remedy the vulnerabilities.A thorough analysis eliminatesfalse positives which in turn greatlyreduce the time and energy spent onapplying th x.Proof of ConceptEvery major vulnerability will besupported by a Proof of Conceptwhich helps in understanding thebusiness impact of the vulnerabilitiesand the need to remediate Criticaland High vulnerabilities in theenvironment.Remediation TrackingVulnerability management doesn’t end with performing a scan. An e ectiveprogram is substantiated by quality of remediation and takes corrective actionfrom reoccurring. We track every vulnerability till it is brought to closure.07
Vulnerability ManagementRobust ServiceArchitectureDeloitte’s managed Vulnerability Management service offers a complete vulnerabilitymanagement life cycle for finding and remediating security weaknesses before they areexploited and helps with improved visibility to security posture. Our Solution is integratedwith our Managed Threat Services (MTS) and Threat Intelligence and Analytics (TIA) Servicesto deliver true vulnerability intelligence to manage threats effectively.Vulnerability ManagementPresentation Layer - Customer AccessAsset InventoryHost speci cVulnerability DataVulnerabilityTracking statusRemediationTrend AnalysisOn demandScanReporting andDashboardData feed to Deloitte Portal2.ScanExecutionCreation of Account /SubscriptionIn-Scope assets(Network/Server/Workstation)Service opted forVulberabilityManagementPolicy CompliancePCI formCredentialed)3.Analysisof lsePositivesService IntegrationsThreat IntelligenceManaged Threat ServicesVulnerability IntelligenceSoftware Asset Management08Cyber Incident Response
Vulnerability ManagementOur DifferentiatorsRobustInfrastructureCIC is the backboneof ManagedVulnerability Service.It offers state of artfacility that enablesmooth fuctioningof VulnerabiltyManagement service.Swift Response toincidentsVulnerabilities are likelyto have catastrophicimpact if not dealthproperly. CIC enablesorganisation to provideprecise and swiftresponse to suchincidents.StructuredapproachThere are well definedand matured processand standardsthat govern theoverall vulnerabilitymanagementprogram.Integration andcorrelationVulnerabilities areinterlinked entitiesin relation to ThreatIntelligence, SIEM,and other securitycomponents thatprovide additionalinformation aboutthe threat in theenvironment.Dashboard viewDeloitte providesunique access to itscustomers to viewtheir VulnerabilityManagement status.This gives a completeview of the threatlandscape.09
Vulnerability ManagementVulnerabilityManagementServices CatalogDeloitte CIC offers Managed VulnerabilityServices in below mentioned options Basic Vulnerability ManagementStandard mode of service o ering with completelifecycle of Vulnerability Management to meet yourcompliance needs Premium Vulnerability ManagementO ers integration with SIEM tool and IncidentManagement which are Customer or Deloitteowned. Advance Vulnerability ManagementCorrelation with SIEM, Threat Intelligence tool, andAsset Management. Provides fully integrated viewof threat landscape.10
Vulnerability ManagementDeloitte leverages its Cyber Intelligence Centre todeliver managed vulnerability management servicesto its clients across the globe. The Deloitte CyberIntelligence Centre (CIC) combines deep cyberintelligence with broad business intelligence to deliverrelevant, tailored, and actionable insights to informbusiness decision-making. The CIC fuses a number ofservices together to provide our clients with a trulytailored service that enables them to fully understandtheir cyber risks and adopt proportionate responsesin an increasingly digital and interconnected businessenvironment. We do this by providing them with animproved visibility of threats and assets, based onhighly relevant intelligence that reflects their specificbusiness, market, and industry context.Related Services: Managed Threat ServicesIntegrates all your security logs and eventinformation for advanced correlation and analyticsand provides actionable insight. Solution integratesvulnerability management services for truevulnerability intelligence and on-demand actionsfor e ective monitoring. Managed Application SecurityProvides full life-cycle application security servicesranging from on-demand assessment to real-timeapplication security of client’s web presence. Threat Intelligence and AnalyticsProvides ability to leverage world’s leadingthreat intelligence capabilities, including darkweb monitoring, to help you with relevant threatintelligence to secure your business critical assets.Integrated with managed services to providescontextualized threat information for yourenvironment. Cyber Attack SimulationImprove resiliency of environment through ondemand cyber-attack simulation and validateprotection mechanism for enterprise IT systems.Simulation could range from a simple Phishingattempt to a complex DDoS on your environment. Software Asset ManagementIntegrate the software asset information withVulnerability Management capabilities to build realtime vulnerability intelligence. This signi cantlyimproves visibility for potential vulnerabilities insoftware assets which are not part of scannedassets or are missing from asset information11
Vulnerability Management12
Vulnerability Management13
Vulnerability ManagementKey Contacts:Rohit MahajanPresident - Risk Advisoryrmahajan@deloitte.comGaurav ShuklaPartner - Risk Advisoryshuklagaurav@deloitte.comAnand TiwariPartner - Risk Advisoryanandtiwari@deloitte.comSandeep KumarPartner - Risk Advisorykumarsandeep@deloitte.com14
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UKprivate company limited by guarantee (“DTTL”), its network of member firms,and their related entities. DTTL and each of its member firms are legallyseparate and independent entities. DTTL (also referred to as “Deloitte Global”)does not provide services to clients. Please see www.deloitte.com/about for amore detailed description of DTTL and its member firms.This material is prepared by Deloitte Touche Tohmatsu India LLP (DTTILLP).This material (including any information contained in it) is intended to providegeneral information on a particular subject(s) and is not an exhaustivetreatment of such subject(s) or a substitute to obtaining professional servicesor advice. This material may contain information sourced from publiclyavailable information or other third party sources. DTTILLP does notindependently verify any such sources and is not responsible for any losswhatsoever caused due to reliance placed on information sourced from suchsources. None of DTTILLP, Deloitte Touche Tohmatsu Limited, its memberfirms, or their related entities (collectively, the “Deloitte Network”) is, bymeans of this material, rendering any kind of investment, legal or otherprofessional advice or services. You should seek specific advice of therelevant professional(s) for these kind of services. This material orinformation is not intended to be relied upon as the sole basis for anydecision which may affect you or your business. Before making any decisionor taking any action that might affect your personal finances or business, youshould consult a qualified professional adviser.No entity in the Deloitte Network shall be responsible for any loss whatsoeversustained by any person or entity by reason of access to, use of or relianceon, this material. By using this material or any information contained in it, theuser accepts this entire notice and terms of use. 2018 Deloitte Touche Tohmatsu India LLP. Member of Deloitte ToucheTohmatsu Limited
entire vulnerability management lifecycle. A Better Way To . Manage Vulnerabilities More Business. New Challenges. Exciting technological innovations bring. fantastic opportunities to: Together with opportunity, it also brings the following risks: Vulnerability Management . T e. c h n o l o
