Transcription
Vulnerability ManagementCyber Risk Managed Services
Vulnerability Management Cyber Risk Managed ServiceContentsA Better Way To Manage Vulnerabilities4Business Challenge6Vulnerability Management as a Service7Robust Service Architecture8Our Differentiators9Vulnerability Management Services Catalog10Contacts Us1403
Vulnerability Management Cyber Risk Managed ServiceA Better Way ToManage VulnerabilitiesMore Business. New Challenges.The digital revolution is driving businessinnovation and growth but it’s alsoexposing us to new and emerging threats.Exciting technological innovations bringfantastic opportunities to: Increase integration of business elementsin the environment; Drive efficiencies and optimum ways ofconducting business; and Initiate cost effective technologicalimplementations.Together with opportunity, it also bringsthe following risks: Increase in size and complexity ofenvironment More exposure to cyber attacks thanever before Data pilferage and security breachleading to loss of sensitive information04Vulnerability Management is a maturedoutcome of an early day practice ofvulnerability assessment. Today’s threatlandscape is unimaginably different, withthousands of new vulnerabilities reportedannually and the growing complexity ofthe organization’s environment. Verizon’sData Breach Incident Report of 2016shows an increasing trend in the numberof vulnerabilities identified and its exploits.The sheer volume of launched attacksdemands best-in-class vulnerabilitymanagement solutions that delivercomprehensive discovery to support theentire vulnerability management lifecycle.
Vulnerability Management Cyber Risk Managed ologyTecYourBusinesst ileAnalyticsHactivitiesSharedServicesInsiders05
Vulnerability Management Cyber Risk Managed ServiceIt is imperative for any organization to implement an effective VulnerabilityManagement to safeguard against attacks and threats in the environment. Aneffective way of handling sucha requirement is to go with a Managed Service methodology, which provides themost comprehensive solution.BusinessChallengeDo you have criticalbusiness applications?Is it a regulated marketbound by compliancerequirements?Is the companyenvironment gettingcomplex day by day?Do you store or processsensitive data?Is your organisationroutinely targeted andface attempts of attack?Are theremultiple platforms andtechnologies used?SolutionDeloitte's Cyber Risk Managed Services forVulnerability Management is the key to thisbusiness challenge. It offers the followingadvantages: Effective management of vulnerabilitiesassociated with critical Infrastructurecomponents. Ability to manage increase in scale andcomplexity of the environment.06 Meet regulatory compliancerequirements such as HIPAA, andSOX etc. Integration of Vulnerability Managementwith other security services such as SIEMand Threat Intelligence. Deep dive analysis of vulnerabilities alongwith correlation of threats and events.
Vulnerability Management Cyber Risk Managed ServiceVulnerabilityManagementas a ServiceDeloitte leverage its Cyber Intelligence Centre (CIC) platform to deliverdifferentiated vulnerability management services. It integrates advanced securitycapability with industry insight to provide application and infrastructure securityand offers a broad approach to vulnerability management that goes well beyondsecurity testing.End to End SupportUnlike traditional vulnerabilitymanagement program, we offerend-to-end support right from theinitiation of scan till remediation.This helps effectively address thevulnerabilities through a managedapproach.24 x 7 CoverageDeloitte’s CIC provides round-theclock support for our customers.This is critical while handling majorvulnerability outbreaks such asPOODLE and Shellshock. A swiftresponse is imminent in such ascenario.False Positive AnalysisFalse positives play an importantrole to remedy the vulnerabilities.A thorough analysis eliminatesfalse positives which in turn greatlyreduce the time and energy spent onapplying the fix.Proof of ConceptEvery major vulnerability will besupported by a Proof of Conceptwhich helps in understanding thebusiness impact of the vulnerabilitiesand the need to remediate Criticaland High vulnerabilities in theenvironment.Remediation TrackingVulnerability management doesn’t end with performing a scan. An effectiveprogram is substantiated by quality of remediation and takes corrective actionfrom reoccurring. We track every vulnerability till it is brought to closure.07
Vulnerability Management Cyber Risk Managed ServiceRobust ServiceArchitectureDeloitte’s managed Vulnerability Management service offers a complete vulnerabilitymanagement life cycle for finding and remediating security weaknesses before they areexploited and helps with improved visibility to security posture. Our Solution is integratedwith our Managed Threat Services (MTS) and Threat Intelligence and Analytics (TIA) Servicesto deliver true vulnerability intelligence to manage threats effectively.Vulnerability ManagementPresentation Layer - Customer AccessAsset InventoryHost specificVulnerability DataVulnerabilityTracking statusRemediationTrend AnalysisOn demandScanReporting andDashboardData feed to Deloitte Portal2.ScanExecutionCreation of Account /SubscriptionIn-Scope assets(Network/Server/Workstation)Service opted forVulberabilityManagementPolicy CompliancePCI formCredentialed)3.Analysisof lsePositivesService IntegrationsThreat IntelligenceManaged Threat ServicesVulnerability IntelligenceSoftware Asset Management08Cyber Incident Response
Vulnerability Management Cyber Risk Managed ServiceOur DifferentiatorsRobustInfrastructureCIC is the backboneof ManagedVulnerability Service.It offers state of artfacility that enablesmooth fuctioningof VulnerabiltyManagement service.Swift Response toincidentsVulnerabilities are likelyto have catastrophicimpact if not dealthproperly. CIC enablesorganisation to provideprecise and swiftresponse to suchincidents.StructuredapproachThere are well definedand matured processand standardsthat govern theoverall vulnerabilitymanagementprogram.Integration andcorrelationVulnerabilities areinterlinked entitiesin relation to ThreatIntelligence, SIEM,and other securitycomponents thatprovide additionalinformation aboutthe threat in theenvironment.Dashboard viewDeloitte providesunique access to itscustomers to viewtheir VulnerabilityManagement status.This gives a completeview of the threatlandscape.09
Vulnerability Management Cyber Risk Managed ServiceVulnerabilityManagementServices CatalogDeloitte CIC offers Managed VulnerabilityServices in below mentioned options Basic Vulnerability ManagementStandard mode of service offering with completelifecycle of Vulnerability Management to meet yourcompliance needs Premium Vulnerability ManagementOffers integration with SIEM tool and IncidentManagement which are Customer or Deloitteowned. Advance Vulnerability ManagementCorrelation with SIEM, Threat Intelligence tool, andAsset Management. Provides fully integrated viewof threat landscape.10
Vulnerability Management Cyber Risk Managed ServiceDeloitte leverages its Cyber Intelligence Centre todeliver managed vulnerability management servicesto its clients across the globe. The Deloitte CyberIntelligence Centre (CIC) combines deep cyberintelligence with broad business intelligence to deliverrelevant, tailored, and actionable insights to informbusiness decision-making. The CIC fuses a number ofservices together to provide our clients with a trulytailored service that enables them to fully understandtheir cyber risks and adopt proportionate responsesin an increasingly digital and interconnected businessenvironment. We do this by providing them with animproved visibility of threats and assets, based onhighly relevant intelligence that reflects their specificbusiness, market, and industry context.Related Services: Managed Threat ServicesIntegrates all your security logs and eventinformation for advanced correlation and analyticsand provides actionable insight. Solution integratesvulnerability management services for truevulnerability intelligence and on-demand actionsfor effective monitoring. Managed Application SecurityProvides full life-cycle application security servicesranging from on-demand assessment to real-timeapplication security of client’s web presence. Threat Intelligence and AnalyticsProvides ability to leverage world’s leadingthreat intelligence capabilities, including darkweb monitoring, to help you with relevant threatintelligence to secure your business critical assets.Integrated with managed services to providescontextualized threat information for yourenvironment. Cyber Attack SimulationImprove resiliency of environment through ondemand cyber-attack simulation and validateprotection mechanism for enterprise IT systems.Simulation could range from a simple Phishingattempt to a complex DDoS on your environment. Software Asset ManagementIntegrate the software asset information withVulnerability Management capabilities to build realtime vulnerability intelligence. This significantlyimproves visibility for potential vulnerabilities insoftware assets which are not part of scannedassets or are missing from asset information11
Vulnerability Management Cyber Risk Managed Service12
Vulnerability Management Cyber Risk Managed Service13
Vulnerability Management Cyber Risk Managed ServiceKey Contacts:NationalAmry JunaideenPresidentNational Leader – Risk Advisoryamjunaideen@deloitte.comMumbaiShree ParthasarathyPartner – Risk AdvisoryNational Leader – Cyber Risk Servicessparthasarathy@deloitte.comGurgaonA.K. ViswanathanPartner – Risk AdvisoryCyber Risk ServicesMumbaiPriti RayPartner – Risk AdvisoryCyber Risk ServicesMumbai & KolkataAbhijit KatkarPartner – Risk AdvisoryCyber Risk ServicesMumbaiManinder BharadwajPartner – Risk AdvisoryCyber Risk ServicesBangaloreRamu NarsapuramPartner – Risk AdvisoryCyber Risk ServicesHyderabadAshish SharmaPartner – Risk AdvisoryCyber Risk ServicesPuneRegionalRavi VeeraraghavanPartner – Risk AdvisoryChennaiNational Cyber CoEAnand PrakashDirector – Risk AdvisorySolution ArchitectCyber - Managed Risk Servicesanandtiwari@deloitte.comAchal GangwaniSenior Manager – Risk AdvisorySolution LeadCyber - Managed Risk Servicesagangwani@deloitte.comTo discuss your unique challenges and how Deloitte can help you, contact us at incicindia@deloitte.com.14
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UKprivate company limited by guarantee (“DTTL”), its network of member firms,and their related entities. DTTL and each of its member firms are legallyseparate and independent entities. DTTL (also referred to as “Deloitte Global”)does not provide services to clients. Please see www.deloitte.com/about for amore detailed description of DTTL and its member firms.This material and the information contained herein prepared by DeloitteTouche Tohmatsu India LLP (DTTILLP) is intended to provide generalinformation on a particular subject or subjects and is not an exhaustivetreatment of such subject(s). None of DTTILLP, Deloitte Touche TohmatsuLimited, its member firms, or their related entities (collectively, the “DeloitteNetwork”) is, by means of this material, rendering professional advice orservices. The information is not intended to be relied upon as the sole basisfor any decision which may affect you or your business. Before making anydecision or taking any action that might affect your personal finances orbusiness, you should consult a qualified professional adviser.No entity in the Deloitte Network shall be responsible for any loss whatsoeversustained by any person who relies on this material. 2016 Deloitte Touche Tohmatsu India LLP.
entire vulnerability management lifecycle. A Better Way To Manage Vulnerabilities More Business. New Challenges. Exciting technological innovations bring fantastic opportunities to: Together with opportunity, it also brings the following risks: Vulnerability Management Cyber Risk Managed S
