SlideShare a Scribd company logo

Enterprise security architecture approach

Download as PPTX, PDF
Maganathin Veeraragaloo, profile picture
Maganathin Veeraragaloo

The document outlines an enterprise security architecture approach focused on cyber resilience, highlighting key components such as risk assessment, asset discovery, automated penetration testing, and vulnerability scanning. It emphasizes the importance of proactive strategies, including setting up observability and conducting thorough analyses of active directories and email systems. The approach aims to improve security readiness and mitigate risks associated with cyber threats.

Small Business & Entrepreneurship
Related topics:
Cyber-Security
1 of 10
Download to read offline
1
2
3
Most read
4
5
Most read
6
7
8
Most read
9
10
ENTERPRISE SECURITY ARCHITECTURE APPROACH – CYBER RESILIENCE MAGANATHIN VEERARAGALOO 7TH DECEMBER 2021
APPROACH 1. Risk Assessment - Security Scorecard (free assessment) 2. Asset Discovery Bit Discovery (initially free) 3. Automated Penetration Testing (Blue/Red Team Approach) – no cost free tools 4. Vulnerability Scan – enterprise context (automated tools) –open source 5. Active Directory and Email Analysis (Email Rectification) 6. Setup Observability going forward – proactive approach 7. Resilience Approach (Recommendation) – going forward
1. RISK ASSESSMENT  Risk Assessment of current Environment Use Security Scorecard – http://www.securityscorecard.com
2. ASSET DISCOVERY • You cannot protect what you don’t know • Asset Discovery using Bit Discovery - https://bitdiscovery.com
3. AUTOMATED PENETRATION TESTING • Black-Box Test. • White-Box Test. • Network Service Penetration Testing. • Web Application Penetration Testing. • Wireless Penetration Testing. • Social Engineering Penetration Testing. • Physical Penetration Testing.
4. VULNERABILITY SCAN • Vulnerability scanning is the process of identifying security weaknesses and flaws in systems and software running on them. This is an integral component of a vulnerability management program, which has one overarching goal – to protect the organization from breaches and the exposure of sensitive data. These programs rely on assessment to gauge security readiness and minimize risk, and vulnerability scanning is a critical tool in the cybersecurity toolbox. • There are two big challenges related to traditional vulnerability assessment – knowing what to scan and knowing when to scan: • Keeping an up-to-date asset inventory is an essential first step and requires its own set of tools and strategies. • Making sure that your vulnerability scanning tools cover non-traditional assets such as BYOD devices, IoTs, mobile assets, and cloud services is essential. • In a world where cyber threats can come from any
5. ACTIVE DIRECTORY AND EMAIL ANALYSIS
6. SETUP OBSERVABILITY
7. RESILIENCE APPROACH
Q&A

More Related Content

PDF
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Edureka!
 
PDF
Introduction to Cybersecurity
Krutarth Vasavada
 
PDF
Cybersecurity roadmap : Global healthcare security architecture
Priyanka Aash
 
ODP
Cyber security awareness
Jason Murray
 
PDF
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
BCM Institute
 
PDF
Secure by Design - Security Design Principles for the Rest of Us
Eoin Woods
 
PPTX
Threat Hunting - Moving from the ad hoc to the formal
Priyanka Aash
 
PDF
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Edureka!
 
Introduction to Cybersecurity
Krutarth Vasavada
 
Cybersecurity roadmap : Global healthcare security architecture
Priyanka Aash
 
Cyber security awareness
Jason Murray
 
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
BCM Institute
 
Secure by Design - Security Design Principles for the Rest of Us
Eoin Woods
 
Threat Hunting - Moving from the ad hoc to the formal
Priyanka Aash
 
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 

What's hot (20)

PDF
Information Security Awareness for everyone
Yasir Nafees
 
PDF
Iso 27001
Adam Miller
 
PPTX
Cyber Security Awareness Session for Executives and Non-IT professionals
Krishna Srikanth Manda
 
PPT
Roadmap to IT Security Best Practices
Greenway Health
 
PPTX
Enterprise Security Architecture Design
Priyanka Aash
 
PPT
SABSA - Business Attributes Profiling
SABSAcourses
 
PPTX
Secure SDLC Framework
Rishi Kant
 
PPTX
Information Security and the SDLC
BDPA Charlotte - Information Technology Thought Leaders
 
PDF
Basics of Cyber Security
Nikunj Thakkar
 
DOCX
Security architecture proposal template
Moti Sagey מוטי שגיא
 
PPTX
Cyber Security Awareness
Innocent Korie
 
PDF
Information Security Awareness
Net at Work
 
PDF
Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...
Edureka!
 
PPTX
Build an Information Security Strategy
Andrew Byers
 
PPTX
Cybersecurity 1. intro to cybersecurity
sommerville-videos
 
PDF
Cybersecurity Skills in Industry 4.0
Eryk Budi Pratama
 
PPSX
2 Security Architecture+Design
Alfred Ouyang
 
PPTX
An introduction to SOC (Security Operation Center)
Ahmad Haghighi
 
PPTX
Security Operation Center - Design & Build
Sameer Paradia
 
PPTX
(ISC)2 CCSP - Certified Cloud Security Professional
Hatem ElSahhar
 
Information Security Awareness for everyone
Yasir Nafees
 
Iso 27001
Adam Miller
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Krishna Srikanth Manda
 
Roadmap to IT Security Best Practices
Greenway Health
 
Enterprise Security Architecture Design
Priyanka Aash
 
SABSA - Business Attributes Profiling
SABSAcourses
 
Secure SDLC Framework
Rishi Kant
 
Information Security and the SDLC
BDPA Charlotte - Information Technology Thought Leaders
 
Basics of Cyber Security
Nikunj Thakkar
 
Security architecture proposal template
Moti Sagey מוטי שגיא
 
Cyber Security Awareness
Innocent Korie
 
Information Security Awareness
Net at Work
 
Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...
Edureka!
 
Build an Information Security Strategy
Andrew Byers
 
Cybersecurity 1. intro to cybersecurity
sommerville-videos
 
Cybersecurity Skills in Industry 4.0
Eryk Budi Pratama
 
2 Security Architecture+Design
Alfred Ouyang
 
An introduction to SOC (Security Operation Center)
Ahmad Haghighi
 
Security Operation Center - Design & Build
Sameer Paradia
 
(ISC)2 CCSP - Certified Cloud Security Professional
Hatem ElSahhar
 
Ad

Similar to Enterprise security architecture approach (20)

PPTX
Now you see me, now you don't: chasing evasive malware - Giovanni Vigna
Lastline, Inc.
 
PDF
Decision Support for Security-Control Identification Using Machine Learning
Lionel Briand
 
PPTX
OWASP
Pen Testeronyguy
 
PPTX
Vulnerability assessment and penetration testing
Abu Sadat Mohammed Yasin
 
PPTX
501 ch 8 risk managment tool
gocybersec
 
PDF
Experience Sharing on School Pentest Project (Updated)
eLearning Consortium 電子學習聯盟
 
PDF
New Age Red Teaming - Enterprise Infilteration
Shritam Bhowmick
 
PDF
Security Testing Approach for Web Application Testing.pdf
AmeliaJonas2
 
PPTX
Penetration testing dont just leave it to chance
Dr. Anish Cheriyan (PhD)
 
PPTX
OpenSourceSecurityTools - UPDATED
Sparsh Raj
 
PDF
NSA and PT
Rahmat Suhatman
 
PPTX
Owasp mobile top 10
Pawel Rzepa
 
PDF
Visualization in the Age of Big Data
Raffael Marty
 
PDF
An overview of network penetration testing
eSAT Publishing House
 
PDF
The Joy of Proactive Security
Andy Hoernecke
 
PPTX
Web Investigation Through Penetration Tests.pptx
EntertainmentMedley
 
PPTX
How to develop an AppSec culture in your project
99X Technology
 
PPTX
Building an AppSec Culture
Nirosh Jayaratnam
 
PPTX
Application Security - Dont leave your AppSec for the last moment Meetup 2104...
lior mazor
 
PDF
Black-Box Penetration Testing_ Advantages, Disadvantages, Techniques, and Too...
Cyber security professional services- Detox techno
 
Now you see me, now you don't: chasing evasive malware - Giovanni Vigna
Lastline, Inc.
 
Decision Support for Security-Control Identification Using Machine Learning
Lionel Briand
 
OWASP
Pen Testeronyguy
 
Vulnerability assessment and penetration testing
Abu Sadat Mohammed Yasin
 
501 ch 8 risk managment tool
gocybersec
 
Experience Sharing on School Pentest Project (Updated)
eLearning Consortium 電子學習聯盟
 
New Age Red Teaming - Enterprise Infilteration
Shritam Bhowmick
 
Security Testing Approach for Web Application Testing.pdf
AmeliaJonas2
 
Penetration testing dont just leave it to chance
Dr. Anish Cheriyan (PhD)
 
OpenSourceSecurityTools - UPDATED
Sparsh Raj
 
NSA and PT
Rahmat Suhatman
 
Owasp mobile top 10
Pawel Rzepa
 
Visualization in the Age of Big Data
Raffael Marty
 
An overview of network penetration testing
eSAT Publishing House
 
The Joy of Proactive Security
Andy Hoernecke
 
Web Investigation Through Penetration Tests.pptx
EntertainmentMedley
 
How to develop an AppSec culture in your project
99X Technology
 
Building an AppSec Culture
Nirosh Jayaratnam
 
Application Security - Dont leave your AppSec for the last moment Meetup 2104...
lior mazor
 
Black-Box Penetration Testing_ Advantages, Disadvantages, Techniques, and Too...
Cyber security professional services- Detox techno
 
Ad

More from Maganathin Veeraragaloo (20)

PPTX
MULTI-CLOUD ARCHITECTURE
Maganathin Veeraragaloo
 
PPTX
Cloud security (domain11 14)
Maganathin Veeraragaloo
 
PPTX
Cloud security (domain6 10)
Maganathin Veeraragaloo
 
PPTX
Cloud Security (Domain1- 5)
Maganathin Veeraragaloo
 
PPTX
BTABOK / ITABOK
Maganathin Veeraragaloo
 
PPTX
Observability
Maganathin Veeraragaloo
 
PPTX
Foresight 4 Cybersecurity
Maganathin Veeraragaloo
 
PPTX
Cybersecurity Capability Maturity Model (C2M2)
Maganathin Veeraragaloo
 
PPTX
CLOUD NATIVE SECURITY
Maganathin Veeraragaloo
 
PPTX
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
Maganathin Veeraragaloo
 
PPTX
ISO 27005 - Digital Trust Framework
Maganathin Veeraragaloo
 
PPTX
ITIL4 - DIGITAL TRUST FRAMEWORK
Maganathin Veeraragaloo
 
PPTX
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
Maganathin Veeraragaloo
 
PPTX
COBIT 2019 - DIGITAL TRUST FRAMEWORK
Maganathin Veeraragaloo
 
PPTX
Open Digital Framework from TMFORUM
Maganathin Veeraragaloo
 
PPTX
Cloud and Data Privacy
Maganathin Veeraragaloo
 
PPTX
XaaS Overview
Maganathin Veeraragaloo
 
PPTX
Multi cloud security architecture
Maganathin Veeraragaloo
 
PPTX
Multi Cloud Architecture Approach
Maganathin Veeraragaloo
 
PPTX
Domain 5 - Identity and Access Management
Maganathin Veeraragaloo
 
MULTI-CLOUD ARCHITECTURE
Maganathin Veeraragaloo
 
Cloud security (domain11 14)
Maganathin Veeraragaloo
 
Cloud security (domain6 10)
Maganathin Veeraragaloo
 
Cloud Security (Domain1- 5)
Maganathin Veeraragaloo
 
BTABOK / ITABOK
Maganathin Veeraragaloo
 
Observability
Maganathin Veeraragaloo
 
Foresight 4 Cybersecurity
Maganathin Veeraragaloo
 
Cybersecurity Capability Maturity Model (C2M2)
Maganathin Veeraragaloo
 
CLOUD NATIVE SECURITY
Maganathin Veeraragaloo
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
Maganathin Veeraragaloo
 
ISO 27005 - Digital Trust Framework
Maganathin Veeraragaloo
 
ITIL4 - DIGITAL TRUST FRAMEWORK
Maganathin Veeraragaloo
 
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
Maganathin Veeraragaloo
 
COBIT 2019 - DIGITAL TRUST FRAMEWORK
Maganathin Veeraragaloo
 
Open Digital Framework from TMFORUM
Maganathin Veeraragaloo
 
Cloud and Data Privacy
Maganathin Veeraragaloo
 
XaaS Overview
Maganathin Veeraragaloo
 
Multi cloud security architecture
Maganathin Veeraragaloo
 
Multi Cloud Architecture Approach
Maganathin Veeraragaloo
 
Domain 5 - Identity and Access Management
Maganathin Veeraragaloo
 

Recently uploaded (20)

PDF
Driving Innovation & Growth, Scalable Startup IT Services That Deliver Result...
Mobisoft Infotech
 
PPTX
ENTREPRENEURSHIP..PPT.pptx..1234567891011
AnalynCanale1
 
PPTX
Peerless Plumbing Company-Fort Worth.pptx
Peerless Plumbing Company-Fort Worth
 
PDF
Chapter 3 - Business environment - Final.pdf
ek19nguyenvuthuha
 
PDF
Chapter 1 - Introduction to management.pdf
ek19nguyenvuthuha
 
PPTX
TimeBee vs. Toggl: Which Time Tracking Tool is Best for You?
Michael Carter
 
PDF
Decision trees for high uncertainty decisions
ubertubers1
 
PDF
Pollitrace pitch deck- Ai powered multiple species
abukasadiq
 
PPT
chap9.New Product Development product lifecycle.ppt
ammarilistic12306
 
PPTX
The Evolution of Search- Behaviour.pptx
32ridhikumari11d
 
PDF
AI Cloud Sprawl Is Real—Here’s How CXOs Can Regain Control Before It Costs Mi...
Sudeep Khire
 
PDF
Meme Coin Empire- Launch, Scale & Earn $500K-Month_3.pdf
hrushi013
 
PPTX
_From Idea to Revenue How First-Time Founders Are Monetizing Faster in 2025.pptx
32ridhikumari11d
 
PDF
Why Has Vertical Farming Recently Become More Economical.pdf
Skyfield Agritech
 
PPT
Chap8. Product & Service Strategy and branding
ammarilistic12306
 
PPTX
ELS-07 Lifeskills ToT PPt-Adama (ABE).pptx
TefferiMekonnen2
 
PDF
Investment Risk Assessment Brief: Zacharia Ali and Associated Entities
publicrecordswatch
 
PDF
initiate-entrepreneurship-in-healthcare-service-management-in-sierra-leone.pdf
paulallieukamara31
 
PPTX
Process-and-Ethics-in-Research-1.potatoi
judekimwellnombre15
 
PPTX
Daily stand up meeting on the various business
SmitNeev
 
Driving Innovation & Growth, Scalable Startup IT Services That Deliver Result...
Mobisoft Infotech
 
ENTREPRENEURSHIP..PPT.pptx..1234567891011
AnalynCanale1
 
Peerless Plumbing Company-Fort Worth.pptx
Peerless Plumbing Company-Fort Worth
 
Chapter 3 - Business environment - Final.pdf
ek19nguyenvuthuha
 
Chapter 1 - Introduction to management.pdf
ek19nguyenvuthuha
 
TimeBee vs. Toggl: Which Time Tracking Tool is Best for You?
Michael Carter
 
Decision trees for high uncertainty decisions
ubertubers1
 
Pollitrace pitch deck- Ai powered multiple species
abukasadiq
 
chap9.New Product Development product lifecycle.ppt
ammarilistic12306
 
The Evolution of Search- Behaviour.pptx
32ridhikumari11d
 
AI Cloud Sprawl Is Real—Here’s How CXOs Can Regain Control Before It Costs Mi...
Sudeep Khire
 
Meme Coin Empire- Launch, Scale & Earn $500K-Month_3.pdf
hrushi013
 
_From Idea to Revenue How First-Time Founders Are Monetizing Faster in 2025.pptx
32ridhikumari11d
 
Why Has Vertical Farming Recently Become More Economical.pdf
Skyfield Agritech
 
Chap8. Product & Service Strategy and branding
ammarilistic12306
 
ELS-07 Lifeskills ToT PPt-Adama (ABE).pptx
TefferiMekonnen2
 
Investment Risk Assessment Brief: Zacharia Ali and Associated Entities
publicrecordswatch
 
initiate-entrepreneurship-in-healthcare-service-management-in-sierra-leone.pdf
paulallieukamara31
 
Process-and-Ethics-in-Research-1.potatoi
judekimwellnombre15
 
Daily stand up meeting on the various business
SmitNeev
 

Enterprise security architecture approach

  • 1. ENTERPRISE SECURITY ARCHITECTURE APPROACH – CYBER RESILIENCE MAGANATHIN VEERARAGALOO 7TH DECEMBER 2021
  • 2. APPROACH 1. Risk Assessment - Security Scorecard (free assessment) 2. Asset Discovery Bit Discovery (initially free) 3. Automated Penetration Testing (Blue/Red Team Approach) – no cost free tools 4. Vulnerability Scan – enterprise context (automated tools) –open source 5. Active Directory and Email Analysis (Email Rectification) 6. Setup Observability going forward – proactive approach 7. Resilience Approach (Recommendation) – going forward
  • 3. 1. RISK ASSESSMENT  Risk Assessment of current Environment Use Security Scorecard – http://www.securityscorecard.com
  • 4. 2. ASSET DISCOVERY • You cannot protect what you don’t know • Asset Discovery using Bit Discovery - https://bitdiscovery.com
  • 5. 3. AUTOMATED PENETRATION TESTING • Black-Box Test. • White-Box Test. • Network Service Penetration Testing. • Web Application Penetration Testing. • Wireless Penetration Testing. • Social Engineering Penetration Testing. • Physical Penetration Testing.
  • 6. 4. VULNERABILITY SCAN • Vulnerability scanning is the process of identifying security weaknesses and flaws in systems and software running on them. This is an integral component of a vulnerability management program, which has one overarching goal – to protect the organization from breaches and the exposure of sensitive data. These programs rely on assessment to gauge security readiness and minimize risk, and vulnerability scanning is a critical tool in the cybersecurity toolbox. • There are two big challenges related to traditional vulnerability assessment – knowing what to scan and knowing when to scan: • Keeping an up-to-date asset inventory is an essential first step and requires its own set of tools and strategies. • Making sure that your vulnerability scanning tools cover non-traditional assets such as BYOD devices, IoTs, mobile assets, and cloud services is essential. • In a world where cyber threats can come from any
  • 7. 5. ACTIVE DIRECTORY AND EMAIL ANALYSIS
  • 10. Q&A