SlideShare a Scribd company logo

Best Practices for Intelligent Compliance

Download as PPTX, PDF
BMC Software, profile picture
BMC Software

The document discusses best practices for implementing intelligent compliance to protect systems from security vulnerabilities, emphasizing the importance of addressing known vulnerabilities through timely patching. It highlights the challenges organizations face in maintaining compliance and outlines the need for collaboration between security and operations teams, automated processes, and continuous monitoring. Key takeaways stress that compliance is complex and must be addressed in stages with no one-size-fits-all solution.

Technology
Related topics:
IT Security
1 of 24
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
© Copyright 1/6/2015 BMC Software, Inc1 Protect Your Systems From the Next Security Scandal Best Practices Guidance for Intelligent Compliance
© Copyright 1/6/2015 BMC Software, Inc2 Dominic Wellington @dwellington Intelligent Compliance
© Copyright 1/6/2015 BMC Software, Inc3 The Solution is Known Attacks Patches Most breaches exploit known vulnerabilities for which patches are available. Time More than 80% of attacks target known vulnerabilities (source: F-Secure) 79% 30+ days 80% 79% of vulnerabilities have patches available on day of disclosure (source: Secunia) On average, it takes 30+ days to patch an identified vulnerability (source: Qualys)
© Copyright 1/6/2015 BMC Software, Inc4 Heartbleed March 14 2012: Vulnerable code introduced into OpenSSL library What happened?
© Copyright 1/6/2015 BMC Software, Inc5 Heartbleed: a timeline Heartbleed bug disclosed heartbleed.com registered, logo created Patch available (1.0.1g) 309,197 public web servers remain vulnerable 318,239 public web servers remain vulnerable Community Health Systems hack disclosure April 7April 3 June 21April 1 May 8 August 18 2014
© Copyright 1/6/2015 BMC Software, Inc6 “ ” […] the breadth of at-risk machines is going to be significantly higher with Shellshock than with Heartbleed. Shellshock NIST: 10/10 A new bug every week
© Copyright 1/6/2015 BMC Software, Inc7 Security problems are like vampires
© Copyright 1/6/2015 BMC Software, Inc8 Clone old VM template Reinstall old vulnerable software version Boot unpatched server Missed the “unofficial” IT How do companies get bitten?
© Copyright 1/6/2015 BMC Software, Inc9 The SecOps Gap
© Copyright 1/6/2015 BMC Software, Inc10 Intelligent compliance transforms compliance from an activity that is exhausting, risky and incomplete into one that is routine, secure and comprehensive.
© Copyright 1/6/2015 BMC Software, Inc11 Best Practices Guidance for Intelligent Compliance AD HOC PROCESS STANDARDIZED ADVANCED TOOLS PATCH ASSESS COMPLY INTELLIGENT LEVELS TIME
© Copyright 1/6/2015 BMC Software, Inc12 DISCOVER REMEDIATE DEFINE AUDIT GOVERN Server Network Database Middleware Intelligent Compliance
© Copyright 1/6/2015 BMC Software, Inc13 Status Quo Intelligent Compliance Incomplete data Out of date – systems provisioned faster than discovered Data accuracy you can verify and trust Effortless continuous mapping of infrastructure and applications Discover
© Copyright 1/6/2015 BMC Software, Inc14 You can’t manage what you can’t measure Replace manual data collection with automatic inventory & relationship discovery Leverage inventory & relationship data in other IT processes Application Mapping: Connect data center infrastructure to business applications
© Copyright 1/6/2015 BMC Software, Inc15 Status Quo Intelligent Compliance Disconnected from operational details Incomplete specification of requirements Pre-defined policies – short time to value Detailed, actionable definition of desired state Define
© Copyright 1/6/2015 BMC Software, Inc16 Regulatory Compliance Sarbanes-Oxley (SOX) 404 Health Insurance Portability & Accountability Act (HIPAA) Payment Card Industry Digital Security Standard (PCI DSS) Security Compliance Defense Information Systems Agency Security Technical Implementation Guides (DISA STIG) Center for Internet Security (CIS)
© Copyright 1/6/2015 BMC Software, Inc17 Status Quo Intelligent Compliance Based on individual interpretation Inconsistent and incomplete implementation and coverage Granular configuration visibility – avoid false positives & false negatives Regular, scheduled and automated Audit
© Copyright 1/6/2015 BMC Software, Inc18 Identify drift away from desired state Compare live configurations to a live reference system Troubleshoot issues caused by configuration discrepancies Compare the current state to known good state from a week ago Compare snapshots to each other to aid troubleshooting Different comparison types support different use cases. Compare the current state to out-of-the-box policies Use standard policies as templates to build customized operational policy LIVE SNAPSHOT POLICY
© Copyright 1/6/2015 BMC Software, Inc19 Status Quo Intelligent Compliance No way to verify success Risk of introducing additional issues No way to roll back changes Granular configuration changes – co-exist with other tools and approaches Built-in rollback in case of failure or unforeseen consequences Remediate
© Copyright 1/6/2015 BMC Software, Inc20 Close the SecOps Gap Automated remediation – no scripting Automated rollback in case of problems Support for exceptions to standard policy 44% Reduction 32% Reduction 45% Reduction
© Copyright 1/6/2015 BMC Software, Inc21 Status Quo Intelligent Compliance Manual entry (time consuming, error prone) Lack of trust in data No process enforcement Consistent audit trail and automatic documentation of actions & exceptions Process governance – change approval, maintenance windows, collision avoidance Govern
© Copyright 1/6/2015 BMC Software, Inc22 Orchestrate Automation and ITSM
© Copyright 1/6/2015 BMC Software, Inc23 Key takeaways 1. Compliance is a big problem The consequences of getting it wrong are severe 2. Neither Security nor Operations can fix it alone Different teams need to work together 3. There is no one size fits all solution No single product can solve this problem either 4. Tackle this problem in stages No need to solve the whole problem at once Dominic Wellington @dwellington bmc.com/intelligentcompliance
© Copyright 1/6/2015 BMC Software, Inc24 Thank You.

More Related Content

PPTX
Analyzing Your Government Contract Cybersecurity Compliance
Robert E Jones
 
PPTX
Cybersecurity Compliance in Government Contracts
Robert E Jones
 
PPTX
Analyzing Your GovCon Cybersecurity Compliance
Robert E Jones
 
PPTX
Security at velocity dc cap one
Chef
 
PPT
Lunch and Learn: June 29, 2010
prevalentnetworks
 
PPTX
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Tripwire
 
PPTX
Performing One Audit Using Zero Trust Principles
ControlCase
 
PDF
A Pragmatic Approach to SIEM: Buy for Compliance, Use for Security
Tripwire
 
Analyzing Your Government Contract Cybersecurity Compliance
Robert E Jones
 
Cybersecurity Compliance in Government Contracts
Robert E Jones
 
Analyzing Your GovCon Cybersecurity Compliance
Robert E Jones
 
Security at velocity dc cap one
Chef
 
Lunch and Learn: June 29, 2010
prevalentnetworks
 
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Tripwire
 
Performing One Audit Using Zero Trust Principles
ControlCase
 
A Pragmatic Approach to SIEM: Buy for Compliance, Use for Security
Tripwire
 

What's hot (20)

PPT
It Audit Expectations High Detail
ecarrow
 
PPTX
Integrated Compliance – Collect Evidence Once, Certify to Many
ControlCase
 
PPTX
IS audit checklist
iFour Consultancy Services
 
PPTX
IT Compliance in 2015 - Beyond the “v” model
IGATE Corporation
 
PPTX
Continous Audit and Controls with Brainwave GRC
Graeme Hein
 
PPTX
Identifying critical security controls
Elizabeth Baker, JD, CRCMP
 
PDF
Why Medical Devices Are So Vulnerable
Medigate
 
PPT
Information Systems Security Review 2004
Donald E. Hester
 
PDF
CISA Domain 4 Information Systems Operation | Infosectrain
InfosecTrain
 
PPT
Industry Reliability and Security Standards Working Together
EnergySec
 
PDF
Physical Security Information Management Solution for the Enterprise
VidSys, Inc.
 
PPTX
Developing a Continuous Monitoring Action Plan
Tripwire
 
PDF
Hipaa checklist - information security
Vijay Sekar
 
PPTX
Docker container webinar final
ControlCase
 
PPTX
Continuous Compliance Monitoring
ControlCase
 
PPTX
Managing Multiple Assessments Using Zero Trust Principles
ControlCase
 
PPT
Why Use Wes Tech Solutions
doughold
 
PPT
Why Use Westech Solutions
Jhugueno
 
PPTX
Geist Presentation
stacygriggs
 
PPTX
I.T. Geeks Can't Talk to Management
Tripwire
 
It Audit Expectations High Detail
ecarrow
 
Integrated Compliance – Collect Evidence Once, Certify to Many
ControlCase
 
IS audit checklist
iFour Consultancy Services
 
IT Compliance in 2015 - Beyond the “v” model
IGATE Corporation
 
Continous Audit and Controls with Brainwave GRC
Graeme Hein
 
Identifying critical security controls
Elizabeth Baker, JD, CRCMP
 
Why Medical Devices Are So Vulnerable
Medigate
 
Information Systems Security Review 2004
Donald E. Hester
 
CISA Domain 4 Information Systems Operation | Infosectrain
InfosecTrain
 
Industry Reliability and Security Standards Working Together
EnergySec
 
Physical Security Information Management Solution for the Enterprise
VidSys, Inc.
 
Developing a Continuous Monitoring Action Plan
Tripwire
 
Hipaa checklist - information security
Vijay Sekar
 
Docker container webinar final
ControlCase
 
Continuous Compliance Monitoring
ControlCase
 
Managing Multiple Assessments Using Zero Trust Principles
ControlCase
 
Why Use Wes Tech Solutions
doughold
 
Why Use Westech Solutions
Jhugueno
 
Geist Presentation
stacygriggs
 
I.T. Geeks Can't Talk to Management
Tripwire
 
Ad

Viewers also liked (7)

PDF
Self Service Workload Automation
BMC Software
 
PPTX
Have your own Ticker Tape Parade—Promote Solution Success
BMC Software
 
PPTX
How to Manage MLC Costs to Optimize the Mainframe
BMC Software
 
PPTX
Remedyforce Localization and Translation
BMC Software
 
PDF
Constech SIAM
Juha Tujula
 
PDF
Aligning BPM and EA
Sandy Kemsley
 
PPTX
Data Migration for Remedyforce SaaS Help Desk and High-Speed Digital Service ...
BMC Software
 
Self Service Workload Automation
BMC Software
 
Have your own Ticker Tape Parade—Promote Solution Success
BMC Software
 
How to Manage MLC Costs to Optimize the Mainframe
BMC Software
 
Remedyforce Localization and Translation
BMC Software
 
Constech SIAM
Juha Tujula
 
Aligning BPM and EA
Sandy Kemsley
 
Data Migration for Remedyforce SaaS Help Desk and High-Speed Digital Service ...
BMC Software
 
Ad

Similar to Best Practices for Intelligent Compliance (20)

PPTX
How to Close the SecOps Gap
BMC Software
 
PDF
3 Enablers of Successful Cyber Attacks and How to Thwart Them
IBM Security
 
PPT
Fusion - BMC Service Assurance & Automation
jegasu
 
PDF
Avoiding Data Breaches in 2016: What You Need to Kow
Enterprise Management Associates
 
PDF
Avoiding Data Breaches in 2016: What You Need to Know
Enterprise Management Associates
 
PPTX
2019 08-13 selecting the right security policy management solution
AlgoSec
 
PDF
Ad Hoc Automation is an Expensive Mistake
BMC Software
 
PDF
IBM BigFix: Closing the Endpoint Gap Between IT Ops and Security
IBM Security
 
PPT
58466507 event-management-best-practices-1-488
Prasad Rt
 
PPTX
IT Cost Transparency with Capacity Optimization
BMC Software
 
PPTX
Managing Network Security Monitoring at Large Scale with Puppet - PuppetConf ...
Puppet
 
PDF
Avoiding the Pitfalls of Hunting - BSides Charm 2016
Tony Cook
 
PPTX
Security Automation Quick Wins - Siemplify Webinar
Sarah (Bueno) Eck
 
PPT
Managing IT Infrastructure And Applications Proactively For Performance And U...
Vyom Labs
 
PPTX
BMC Control-M for SAP, BPI, and AFT - VPMA - Secret Weapons for a Successful...
BMC Software
 
PDF
Database monitoring - First and Last Line of Defense
Imperva
 
PDF
What’s the State of Your Endpoint Security?
IBM Security
 
PDF
Proactive Project Management w/Machine Learning
NorthCoastHDI
 
PPT
Selecting the right security policy management solution for your organization
AlgoSec
 
PPTX
BMC Helix Discovery_Master_1911.pptx
Kuldip18
 
How to Close the SecOps Gap
BMC Software
 
3 Enablers of Successful Cyber Attacks and How to Thwart Them
IBM Security
 
Fusion - BMC Service Assurance & Automation
jegasu
 
Avoiding Data Breaches in 2016: What You Need to Kow
Enterprise Management Associates
 
Avoiding Data Breaches in 2016: What You Need to Know
Enterprise Management Associates
 
2019 08-13 selecting the right security policy management solution
AlgoSec
 
Ad Hoc Automation is an Expensive Mistake
BMC Software
 
IBM BigFix: Closing the Endpoint Gap Between IT Ops and Security
IBM Security
 
58466507 event-management-best-practices-1-488
Prasad Rt
 
IT Cost Transparency with Capacity Optimization
BMC Software
 
Managing Network Security Monitoring at Large Scale with Puppet - PuppetConf ...
Puppet
 
Avoiding the Pitfalls of Hunting - BSides Charm 2016
Tony Cook
 
Security Automation Quick Wins - Siemplify Webinar
Sarah (Bueno) Eck
 
Managing IT Infrastructure And Applications Proactively For Performance And U...
Vyom Labs
 
BMC Control-M for SAP, BPI, and AFT - VPMA - Secret Weapons for a Successful...
BMC Software
 
Database monitoring - First and Last Line of Defense
Imperva
 
What’s the State of Your Endpoint Security?
IBM Security
 
Proactive Project Management w/Machine Learning
NorthCoastHDI
 
Selecting the right security policy management solution for your organization
AlgoSec
 
BMC Helix Discovery_Master_1911.pptx
Kuldip18
 

More from BMC Software (20)

PDF
The Accelerator's Guide to Digital Transformation
BMC Software
 
PDF
Flip the Switch On Continuous Delivery
BMC Software
 
PDF
Peer Into the Bright Future on the Service Desk Horizon
BMC Software
 
PDF
Remedyforce helps General Dynamics meet ever-changing user needs
BMC Software
 
PDF
BMC Software Remedyforce Case Study
BMC Software
 
PDF
Mission: Launch a Digital Workplace
BMC Software
 
PPTX
How Will Your Cloud Strategy Impact Your Cyber Strategy?
BMC Software
 
PDF
The Power of Monitoring Studio in TrueSight
BMC Software
 
PDF
MasterCard Optimizes Big Data Management with BMC High Speed Utilities for DB2®
BMC Software
 
PPTX
Digital Transformation Playbook: Guide to Unleashing Exponential Growth
BMC Software
 
PPTX
Salesforce Lightning Process Builder IS the next-generation workflow tool
BMC Software
 
PDF
What Do Executives Need to Do to Go Digital?
BMC Software
 
PDF
Curating Your Digital Workplace: Key Steps for IT
BMC Software
 
PDF
Delivering the Digital Workplace Without the Chaos
BMC Software
 
PPTX
Salesforce and Remedyforce ISV Tech Talk: Pushing New Versions of your App
BMC Software
 
PPTX
Data Segregation for Remedyforce SaaS Help Desk and High-Speed Digital Servic...
BMC Software
 
PDF
Next Generation Technology Utility Benchmarks
BMC Software
 
PPTX
User Creation and Authentication in Remedyforce
BMC Software
 
PDF
IT Managers Answer Questions about the Future of the Digital Economy
BMC Software
 
PDF
BMC Remedyforce vs Other IT Service Management
BMC Software
 
The Accelerator's Guide to Digital Transformation
BMC Software
 
Flip the Switch On Continuous Delivery
BMC Software
 
Peer Into the Bright Future on the Service Desk Horizon
BMC Software
 
Remedyforce helps General Dynamics meet ever-changing user needs
BMC Software
 
BMC Software Remedyforce Case Study
BMC Software
 
Mission: Launch a Digital Workplace
BMC Software
 
How Will Your Cloud Strategy Impact Your Cyber Strategy?
BMC Software
 
The Power of Monitoring Studio in TrueSight
BMC Software
 
MasterCard Optimizes Big Data Management with BMC High Speed Utilities for DB2®
BMC Software
 
Digital Transformation Playbook: Guide to Unleashing Exponential Growth
BMC Software
 
Salesforce Lightning Process Builder IS the next-generation workflow tool
BMC Software
 
What Do Executives Need to Do to Go Digital?
BMC Software
 
Curating Your Digital Workplace: Key Steps for IT
BMC Software
 
Delivering the Digital Workplace Without the Chaos
BMC Software
 
Salesforce and Remedyforce ISV Tech Talk: Pushing New Versions of your App
BMC Software
 
Data Segregation for Remedyforce SaaS Help Desk and High-Speed Digital Servic...
BMC Software
 
Next Generation Technology Utility Benchmarks
BMC Software
 
User Creation and Authentication in Remedyforce
BMC Software
 
IT Managers Answer Questions about the Future of the Digital Economy
BMC Software
 
BMC Remedyforce vs Other IT Service Management
BMC Software
 

Recently uploaded (20)

PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
KodekX | Application Modernization Development
KodekX
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 

Best Practices for Intelligent Compliance

  • 1. © Copyright 1/6/2015 BMC Software, Inc1 Protect Your Systems From the Next Security Scandal Best Practices Guidance for Intelligent Compliance
  • 2. © Copyright 1/6/2015 BMC Software, Inc2 Dominic Wellington @dwellington Intelligent Compliance
  • 3. © Copyright 1/6/2015 BMC Software, Inc3 The Solution is Known Attacks Patches Most breaches exploit known vulnerabilities for which patches are available. Time More than 80% of attacks target known vulnerabilities (source: F-Secure) 79% 30+ days 80% 79% of vulnerabilities have patches available on day of disclosure (source: Secunia) On average, it takes 30+ days to patch an identified vulnerability (source: Qualys)
  • 4. © Copyright 1/6/2015 BMC Software, Inc4 Heartbleed March 14 2012: Vulnerable code introduced into OpenSSL library What happened?
  • 5. © Copyright 1/6/2015 BMC Software, Inc5 Heartbleed: a timeline Heartbleed bug disclosed heartbleed.com registered, logo created Patch available (1.0.1g) 309,197 public web servers remain vulnerable 318,239 public web servers remain vulnerable Community Health Systems hack disclosure April 7April 3 June 21April 1 May 8 August 18 2014
  • 6. © Copyright 1/6/2015 BMC Software, Inc6 “ ” […] the breadth of at-risk machines is going to be significantly higher with Shellshock than with Heartbleed. Shellshock NIST: 10/10 A new bug every week
  • 7. © Copyright 1/6/2015 BMC Software, Inc7 Security problems are like vampires
  • 8. © Copyright 1/6/2015 BMC Software, Inc8 Clone old VM template Reinstall old vulnerable software version Boot unpatched server Missed the “unofficial” IT How do companies get bitten?
  • 9. © Copyright 1/6/2015 BMC Software, Inc9 The SecOps Gap
  • 10. © Copyright 1/6/2015 BMC Software, Inc10 Intelligent compliance transforms compliance from an activity that is exhausting, risky and incomplete into one that is routine, secure and comprehensive.
  • 11. © Copyright 1/6/2015 BMC Software, Inc11 Best Practices Guidance for Intelligent Compliance AD HOC PROCESS STANDARDIZED ADVANCED TOOLS PATCH ASSESS COMPLY INTELLIGENT LEVELS TIME
  • 12. © Copyright 1/6/2015 BMC Software, Inc12 DISCOVER REMEDIATE DEFINE AUDIT GOVERN Server Network Database Middleware Intelligent Compliance
  • 13. © Copyright 1/6/2015 BMC Software, Inc13 Status Quo Intelligent Compliance Incomplete data Out of date – systems provisioned faster than discovered Data accuracy you can verify and trust Effortless continuous mapping of infrastructure and applications Discover
  • 14. © Copyright 1/6/2015 BMC Software, Inc14 You can’t manage what you can’t measure Replace manual data collection with automatic inventory & relationship discovery Leverage inventory & relationship data in other IT processes Application Mapping: Connect data center infrastructure to business applications
  • 15. © Copyright 1/6/2015 BMC Software, Inc15 Status Quo Intelligent Compliance Disconnected from operational details Incomplete specification of requirements Pre-defined policies – short time to value Detailed, actionable definition of desired state Define
  • 16. © Copyright 1/6/2015 BMC Software, Inc16 Regulatory Compliance Sarbanes-Oxley (SOX) 404 Health Insurance Portability & Accountability Act (HIPAA) Payment Card Industry Digital Security Standard (PCI DSS) Security Compliance Defense Information Systems Agency Security Technical Implementation Guides (DISA STIG) Center for Internet Security (CIS)
  • 17. © Copyright 1/6/2015 BMC Software, Inc17 Status Quo Intelligent Compliance Based on individual interpretation Inconsistent and incomplete implementation and coverage Granular configuration visibility – avoid false positives & false negatives Regular, scheduled and automated Audit
  • 18. © Copyright 1/6/2015 BMC Software, Inc18 Identify drift away from desired state Compare live configurations to a live reference system Troubleshoot issues caused by configuration discrepancies Compare the current state to known good state from a week ago Compare snapshots to each other to aid troubleshooting Different comparison types support different use cases. Compare the current state to out-of-the-box policies Use standard policies as templates to build customized operational policy LIVE SNAPSHOT POLICY
  • 19. © Copyright 1/6/2015 BMC Software, Inc19 Status Quo Intelligent Compliance No way to verify success Risk of introducing additional issues No way to roll back changes Granular configuration changes – co-exist with other tools and approaches Built-in rollback in case of failure or unforeseen consequences Remediate
  • 20. © Copyright 1/6/2015 BMC Software, Inc20 Close the SecOps Gap Automated remediation – no scripting Automated rollback in case of problems Support for exceptions to standard policy 44% Reduction 32% Reduction 45% Reduction
  • 21. © Copyright 1/6/2015 BMC Software, Inc21 Status Quo Intelligent Compliance Manual entry (time consuming, error prone) Lack of trust in data No process enforcement Consistent audit trail and automatic documentation of actions & exceptions Process governance – change approval, maintenance windows, collision avoidance Govern
  • 22. © Copyright 1/6/2015 BMC Software, Inc22 Orchestrate Automation and ITSM
  • 23. © Copyright 1/6/2015 BMC Software, Inc23 Key takeaways 1. Compliance is a big problem The consequences of getting it wrong are severe 2. Neither Security nor Operations can fix it alone Different teams need to work together 3. There is no one size fits all solution No single product can solve this problem either 4. Tackle this problem in stages No need to solve the whole problem at once Dominic Wellington @dwellington bmc.com/intelligentcompliance
  • 24. © Copyright 1/6/2015 BMC Software, Inc24 Thank You.

Editor's Notes

  • #12: Here’s a quick refresh on the value path.