GDPR Part 5: Better Together, Quest & CyberQuest
Adrian DUMITRESCU
Q-East Software
www.qeast.ro
SECURITY AND COMPLIANCE IMPACT
Headline figures on the slide: 88%, 63,437, 80%, 64%
• Share of data breaches caused by human error and system problems
• 365 days: organizations need to be compliant and maintain internal policies
• 75% of organizations have to adhere to more than one compliance or departmental requirement
• 1 in 5 customers would stop doing business with a bank, credit card company or retailer after a security breach
• 62% of organizations are unaware of security breaches and non-compliance for months
• 930 million: the number of data breaches since 2005
• Share of threats that come from privileged insiders
• Threats across organizations in 2014
• Share of cyber-espionage carried out through internal systems
TECHNICAL CHALLENGES
Event logs
• Retention requirements for compliance are long
• Noisy, cryptic, incomplete data
• Vulnerable to manipulation
• Storage is expensive
Point products
• Lack of integration
• Too many data silos
• Too many GUIs
• Security gaps
IT data analytics and security
• No comprehensive view of “who has access” and “who did what”
• Inability to take action on suspicious user activity and patterns
• Difficult to search and maintain massive amounts of data
• Data resides on disparate, heterogeneous networks
5 IT AUDITING & COMPLIANCE MISTAKES ORGANIZATIONS MAKE
1. Lack of visibility into who is doing what in application silos.
2. Underestimating user and organizational impact.
3. Inconsistent or absent GRC strategy.
4. Inadequate data protection.
5. Failure to plan and manage external and internal audits.
WHAT IF YOU COULD…
1. With one view answer: who has access, how was it obtained, and how was it used – all in real time?
2. Complete investigations with full-text search of critical IT data and its relation to users and events?
3. Report on user activity for internal investigations and compliance?
4. Be alerted on violations, malicious activity and suspicious trends as they happen?
5. Automate and secure collection of log data from disparate platforms without needing expertise?
6. Save expensive storage space and maintain compliance by storing event logs in a compressed, encrypted format?
7. Troubleshoot and pinpoint problems should an incident occur, for operational visibility?
8. Improve insight and communication across teams with flexible reporting?
9. Eliminate information security silos with integration for SIEM solutions?
10. Leverage security and auditing solutions already in place?
GAIN IT INSIGHTS WITH ON-THE-FLY INVESTIGATIONS
• Correlate disparate IT data
• Review incidents quickly
• Investigate dynamically
AUTOMATE, ARCHIVE AND SECURE EVENT LOGS
• Real-time log collection
• Archive, normalize and categorize
• Secure events before they’re sent
IMPROVE IT DATA ANALYTICS
• Single pane of glass
• SIEM integration
• Diverse systems support
COVERING THE SIX COMPLIANCE “W”s
• Who made the change?
• When was the change made?
• Why was the change made? (comment)
• Where was the change made from?
• What object was changed (before and after)?
• Workstation: where did the request originate?
DEDICATED AUDIT FOR CRITICAL PLATFORMS
• AD, LDAP, Exchange, SharePoint, SQL Server, Windows NTFS
• Windows logons, Defender, Authentication Services, Safeguard
• Registry, services
• Local users and groups
• Skype for Business
• Windows Azure, Office 365, OneDrive
• VMware vCenter
• NetApp, EMC, FluidFS, Cloud Storage
ACTIVE DIRECTORY AUDIT: ADMINISTRATIVE ACTIONS
ACTIVE DIRECTORY AUDIT: USER ACTIONS
ACTIVE DIRECTORY AUDIT: CRITICAL OBJECTS PROTECTION
MICROSOFT EXCHANGE AUDIT: OWNER AND NON-OWNER ACTIVITY
WINDOWS NTFS AUDIT: USER ACTIONS
WINDOWS NTFS AUDIT: CUSTOM TEMPLATES
SQL SERVER AUDIT: SUPPORT FOR ANY VERSION
SQL SERVER AUDIT: DETAILED EVENTS
Captures the analyzed query
SQL SERVER AUDIT: BEST PRACTICES TEMPLATE
• Add DB user
• Add login
• Add login to server role
• Add member to DB role
• Add role
• Change database owner
• Change member in DB role
• Create database
• Delete database
• Delete DB user
• Delete login
• Delete login from server role
• Delete member from DB role
• Delete role
• Grant database access to DB user
• Revoke database access from DB user
397 SQL events are included in the template.
SHAREPOINT AUDIT: CUSTOM TEMPLATES
SHAREPOINT AUDIT: CUSTOM TEMPLATES
SHAREPOINT AUDIT: DETAILED USER ACTIVITY
VMWARE AUDIT: ADD-ON TO ALL LICENSING OPTIONS
IN 2016 SECURITYCURRENT.COM PUBLISHED A RESEARCH STUDY
25 CISOs identified the biggest security challenges for the new year:
• The ability to detect and manage an incident
• Securing personally identifiable information records from cyber attacks
• Building a pervasive security culture at employee level
• Conversion of traditional end-point protection into technologies that can counteract ransomware
• Reduce breach detection times and close all digital doors
• Transform the role of the CISO from business solution providers to leaders and protectors
• Manage cyberthreats in the IoT world
• Accelerate the adoption of simple things: asset inventory, strong admin and user authentication, device encryption, backups, etc.
• Elevate the “state of IT security” and communicate the right information to leadership
• Focus on compliance standards implementation
Source: http://www.securitycurrent.com/en/ciso_journal/ac_ciso_journal/cisos-identify-the-biggest-security-challenges-as-they-enter-the-new-year
REAL-LIFE APPLICATION OF THOSE CONCERNS
• Capture ATP
• Intrusion Prevention
• Intrusion Detection
THE BIGGEST SECURITY CHALLENGE IN THE WORLD TODAY
“...a wealth of information creates a poverty of attention...” ― Herbert A. Simon
“In the Information Age, the first step to sanity is FILTERING. Filter the information: extract for knowledge.” ― Marc Stiegler
“Where is the knowledge we have lost in information?” ― T. S. Eliot
THE BIGGEST SECURITY CHALLENGE IN THE WORLD TODAY
IDC predicts that, by 2020, organizations that analyze all relevant data and deliver actionable information will achieve an extra $430 billion in productivity gains over their less analytically oriented peers.
Fast, accurate security insights lead to better business decisions.
It’s hard to deliver business value when you’re dealing with data that’s:
• Poor quality or incomplete
• Stale
• Siloed in dozens of unconnected applications
• Drawn from external sources that you don't control
THIS IS WHY WE CREATED CYBERQUEST
A high-performance investigation and analytics tool with contextual, industry-specific dashboards: all in one place, in real time, to enhance the value of your existing security setup.
• One single view over all events: high-speed event search
• Real-time alerts: enabling immediate measures
• Industry-specific dashboards: rapid decision making among infinite data logs
• Predefined scheduled reports: for compliance and reduced internal effort
• Fast deployment: 30 minutes to 4 hours, depending on the customer’s complexity
SECURITY ANALYTICS PLATFORM
• Precise identification of security incidents through innovative multi-SIEM/multi-platform data correlation
• Real-time or schedule-based connectivity to classical SIEM systems for data feeds
• Embedded reports to validate control efficiency and effectiveness for frameworks and standards: ISO 27001, COBIT, FISMA, HIPAA, PCI DSS, SOX
• And more…
HIGH LEVEL CAPABILITIES
• Pre-configured connectors for a wide number of industry-standard platforms: operating systems, ODBC databases, communications platforms, network devices, firewalls, IDS/IPS and database security solutions, SIEMs
• JavaScript-based event log parsing
• NetFlow integration
• Report packs for multiple technologies and compliance standards
• Advanced Event Browser
• Unlimited data storage that is compressed, encrypted and digitally signed
• Unlimited number of nodes and scalability for all components (data collection, data parsing, data storage)
• Full Cisco support and Unified Event Bus
• Full support for Quest Change Auditor, One Identity Safeguard and SonicWall firewalls
• Biometric security data integration
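The six compliance Ws from slide 9 and the JavaScript-based event log parsing listed above, as an added example that is not CyberQuest or Quest code: it parses constructed key=value audit lines (a hypothetical collector format; the field names `ts`, `actor`, `comment`, `src_ip`, `object`, `action`, `before`, `after` and `host` are assumptions) into a who/when/why/where/what/workstation record with a before/after diff, and reports which Ws a record leaves unanswered.

```javascript
// Added example, not CyberQuest or Quest code: normalize raw audit events into the
// "six compliance W" change record (who, when, why, where, what with before/after,
// workstation) and flag records that leave any W unanswered.
// The key=value input format and its field names are assumptions for this example.

const REQUIRED_W = ["who", "when", "why", "where", "what", "workstation"];

// Parse one collector line such as `ts=... actor="CORP\jdoe" src_ip=10.0.0.5`.
// Values may be double-quoted so they can carry spaces, '=' and ';' inside them.
function parseKeyValueLine(line) {
  const fields = {};
  const re = /(\w+)=(?:"([^"]*)"|(\S+))/g;
  let m;
  while ((m = re.exec(line)) !== null) {
    fields[m[1]] = m[2] !== undefined ? m[2] : m[3];
  }
  return fields;
}

// Parse an attribute snapshot of the form `attr=value;attr=value`.
function parseSnapshot(text) {
  const snap = {};
  if (!text) return snap;
  for (const pair of text.split(";")) {
    const i = pair.indexOf("=");
    if (i > 0) snap[pair.slice(0, i)] = pair.slice(i + 1);
  }
  return snap;
}

// Compare before/after snapshots; only attributes that actually changed are kept,
// so the "what" answer shows the old and the new value side by side.
function diffSnapshots(beforeText, afterText) {
  const before = parseSnapshot(beforeText);
  const after = parseSnapshot(afterText);
  const changes = {};
  for (const attr of new Set([...Object.keys(before), ...Object.keys(after)])) {
    if (before[attr] !== after[attr]) {
      changes[attr] = {
        before: before[attr] === undefined ? null : before[attr],
        after: after[attr] === undefined ? null : after[attr],
      };
    }
  }
  return changes;
}

// Map parsed fields onto the six Ws. A missing or unparseable field becomes null
// and is listed in `missing`, which is the compliance gap an auditor cares about.
function toSixW(fields) {
  const validTs = Boolean(fields.ts) && !Number.isNaN(Date.parse(fields.ts));
  const rec = {
    who: fields.actor || null,
    when: validTs ? fields.ts : null,
    why: fields.comment || null,        // justification / ticket reference
    where: fields.src_ip || null,       // where the change was made from
    what: fields.object
      ? { object: fields.object, action: fields.action || null,
          changes: diffSnapshots(fields.before, fields.after) }
      : null,
    workstation: fields.host || null,   // workstation where the request originated
  };
  rec.missing = REQUIRED_W.filter((w) => rec[w] === null);
  return rec;
}

// Normalize a batch of lines and separate complete from incomplete records.
function auditCompleteness(lines) {
  const records = lines.map((l) => toSixW(parseKeyValueLine(l)));
  return { records, incomplete: records.filter((r) => r.missing.length > 0) };
}

// Constructed sample events: an AD user change carrying all six Ws, and a SQL Server
// "Add Login to server role" change (one of the best-practice template events) that
// arrives without a justification comment or an originating workstation.
const SAMPLE_EVENTS = [
  'ts=2018-05-14T09:12:03Z actor="CORP\\jdoe" src_ip=10.0.0.5 host=WS-042 ' +
    'action=ModifyUser object="CN=Alice,OU=Staff,DC=corp,DC=local" ' +
    'before="enabled=false;title=Analyst" after="enabled=true;title=Senior Analyst" ' +
    'comment="CHG-1234 approved reactivation"',
  'ts=2018-05-14T10:02:41Z actor=sa src_ip=10.0.0.9 ' +
    'action="Add Login to server role" object=sysadmin ' +
    'before="members=sa" after="members=sa,svc_backup"',
];

const result = auditCompleteness(SAMPLE_EVENTS);
console.log(JSON.stringify(result.records, null, 2));
console.log(`${result.incomplete.length} of ${result.records.length} records miss at least one W`);
```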
ONGOING DEVELOPMENT AND INTEGRATION
• Over 100 supported technologies, up from the initial 12
• Focus on security analytics and business insights
• Scaled up from 25,000 EPS to over 200,000
• Scaled up from 2 TB of repository data to over 20 TB, with query response times down from tens of minutes to under 5 minutes
• Added built-in compliance for COSO and FIEL and reshaped the existing report packs
• Added a case management module
• New modules for internal security evaluation and response: identity theft (biometrics and identity solutions integration, internal fraud)
• New dedicated connectors for unified communications and distinct security platforms
• New data collection, data parsing and data storage processors
• New user interface for extended visibility into business processes
• GDPR compliance dashboards and reports
Version 2.5 has been in production since May 2018.
ENTERPRISE SECURITY: END-TO-END AUDIT AND COMPLIANCE
• Graphical anomaly analyzer starting from one single exception event
• Correlation between tens of millions of events in seconds
• User-defined alerts for the most specific event requirements
• Intensive industry-specific expertise for high visibility and compliance
• Integration with physical security systems and correlation of data logs with real-life events
• Based on synthesized results displayed in intuitive graphical charts
ANAF INTEGRITY DIVISION
Criminal investigations over ANAF applications
ANAF’s Integrity Division was created as an internal team of police officers with the single purpose of gathering and investigating proof of criminal activity performed by ANAF’s personnel, as part of standard prosecuting procedure.
The biggest challenge was the ability to search and correlate information produced by more than 160 financial applications developed in the past 20 years and used by more than 25,000 employees, in order to provide the required evidence of criminal activity.
They needed a solution that could extract data from all 160 applications, using more than 100 distinct connectors, amounting to hundreds of thousands of records each day. The data had to be kept online for 6 months and archived for the next 5 years. In addition, the requirements applied to all data currently in ANAF’s silos, some dating back to 2003. Execution time: 5 months.
We qualified Smart Investigator together with the Internal Fraud module and Quest Compliance Suite and were able to meet all demands on time and within the tight budget, due to the ease of creating new connectors, dashboards and reports in the product, and also by taking advantage of its analytics capabilities, which allowed for the proper correlation and display of extremely heterogeneous data.
The strong compression and NoSQL search capabilities allowed the minimal requirements to be exceeded: at this moment the solution is able to keep 1 year of data online while archiving for 10 years. Extracting and making archived data available takes less than 24 hours when needed. Reports can be produced in minutes, and investigations can be performed in near real time across all online silos, whatever the level of depth.
ANAF INTEGRITY DIVISION INVESTIGATION
VODAFONE ROMANIA
Internal audit, security analytics and fraud management
Vodafone has a long history of using Q-East Software solutions for managing its compliance over systems and custom applications. The company uses a global SIEM provider to monitor the external security level, and a local deployment for internal audits. In the past years, the Security Department has also implemented several other security platforms over network, databases and applications.
The main challenge came when the business decided to unify operational activity over all security applications and correlate it with insights from the SIEM and internal audit in order to have the big compliance picture.
In addition, they reshaped the fraud management platform and decided to implement a unified solution that can handle all of the above. All data needed to be enriched with information from custom applications.
Smart Investigator was the solution of choice following an internal PoC that took over 6 months, with more than 100 customizations implemented to address custom loads.
Customer benefits:
• Multi-SIEM/multi-platform data correlation using unique algorithms
• Fast search over millions of aggregated events in seconds
• Over 100k EPS processed in real time from security platforms
• Real-time, no-impact connectivity to SIEM and security applications
• Synthetic results presented in diagrams designed to support the decision process
• Built-in reports customized to support ISO 27001, COBIT, PCI DSS and SOX compliance over all integrated platforms
• User-defined alerts for any new request
VODAFONE ROMANIA INTERNAL FRAUD ANALYTICS
1. Data aggregation from custom applications and fraud identification
2. Setting summary alerts based on identified fraud cases
3. Alerting based on defined scenarios and adding fraudulent events
4. Pinpointing who is responsible for the fraud
Thank you!

More Related Content

PPTX
Smart Analytics for The Big Unknown
PPTX
Data Driven Security in SSAS
PDF
(SACON) Wasim Halani & Arpan Raval - Practical Threat Hunting - Developing an...
PDF
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
PDF
Combating the enemy within – an elegant mathematical approach to insider thre...
PDF
The Evolution of and Need for Secure Network Access
PPTX
B2 - The History of Content Security: Part 2 - Adam Levithan
PDF
Elastic Security Brochure
Smart Analytics for The Big Unknown
Data Driven Security in SSAS
(SACON) Wasim Halani & Arpan Raval - Practical Threat Hunting - Developing an...
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
Combating the enemy within – an elegant mathematical approach to insider thre...
The Evolution of and Need for Secure Network Access
B2 - The History of Content Security: Part 2 - Adam Levithan
Elastic Security Brochure

What's hot (20)

PPSX
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
PDF
Gartner Newsletter: Cisco TrustSec Deployed Across Enterprise Campus, Branch ...
PDF
Security Challenges in Cloud
PDF
Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...
PDF
Risk based it auditing for non it auditors (basics of it auditing) final 12
PDF
Attributable Networks - Guardtime Whitepaper
PDF
Microsoft Digital Crimes Unit
PPTX
Reduciendo riesgos a través de controles de acceso, manejo de privilegios y a...
PPTX
Lisa Guess - Embracing the Cloud
PDF
Infonetics Network and Content Security Vendor Scorecard
PDF
Securing Your Cloud Applications
PPTX
LoginCat - Zero Trust Integrated Cybersecurity
PPTX
OneIdentity - A Future-Ready Approach to IAM
PDF
Unlock the full potential of IoT
PDF
netskope-casb-for-microsoft-365.pdf
PPTX
GDPR Part 3: Practical Quest
PDF
Practical advice for cloud data protection ulf mattsson - bright talk webin...
PDF
Cloud security with Sage Construction Anywhere
PPTX
Jun 15 privacy in the cloud at financial institutions at the object managemen...
PDF
Enterprise policy-management
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Gartner Newsletter: Cisco TrustSec Deployed Across Enterprise Campus, Branch ...
Security Challenges in Cloud
Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...
Risk based it auditing for non it auditors (basics of it auditing) final 12
Attributable Networks - Guardtime Whitepaper
Microsoft Digital Crimes Unit
Reduciendo riesgos a través de controles de acceso, manejo de privilegios y a...
Lisa Guess - Embracing the Cloud
Infonetics Network and Content Security Vendor Scorecard
Securing Your Cloud Applications
LoginCat - Zero Trust Integrated Cybersecurity
OneIdentity - A Future-Ready Approach to IAM
Unlock the full potential of IoT
netskope-casb-for-microsoft-365.pdf
GDPR Part 3: Practical Quest
Practical advice for cloud data protection ulf mattsson - bright talk webin...
Cloud security with Sage Construction Anywhere
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Enterprise policy-management
Ad

Similar to GDPR Part 5: Better Together Quest & Cyberquest (20)

PPTX
Cybersecurity by the numbers
PDF
IT General Controls Presentation at IIA Vadodara Audit Club
PPTX
Arvind Mehrotra
PPTX
IT Security Essentials
PDF
Endpoint (big) Data In The Age of Compromise, Ian Rainsburgh
PDF
Introduction to Cybersecurity
PPTX
Improve IT Security and Compliance with Mainframe Data in Splunk
PPTX
Cyber Risk Management in 2017 - Challenges & Recommendations
PPTX
A guide to Sustainable Cyber Security
PDF
Cyber Risk Management in 2017: Challenges & Recommendations
PPTX
GDPR Part 2: Quest Relevance
PDF
Emerging Trends in Information Privacy and Security
PDF
Emerging Trends in Information Privacy and Security
PPTX
CSO CXO Series Breakfast
PPTX
Cyber security within Organisations: A sneaky peak of current status, trends,...
PPTX
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
PPTX
Nist 800 53 deep dive 20210813
PPTX
Stay out of headlines for non compliance or data breach
PDF
Information Security It's All About Compliance
PDF
Security Industry Overview
Cybersecurity by the numbers
IT General Controls Presentation at IIA Vadodara Audit Club
Arvind Mehrotra
IT Security Essentials
Endpoint (big) Data In The Age of Compromise, Ian Rainsburgh
Introduction to Cybersecurity
Improve IT Security and Compliance with Mainframe Data in Splunk
Cyber Risk Management in 2017 - Challenges & Recommendations
A guide to Sustainable Cyber Security
Cyber Risk Management in 2017: Challenges & Recommendations
GDPR Part 2: Quest Relevance
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and Security
CSO CXO Series Breakfast
Cyber security within Organisations: A sneaky peak of current status, trends,...
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
Nist 800 53 deep dive 20210813
Stay out of headlines for non compliance or data breach
Information Security It's All About Compliance
Security Industry Overview
Ad

Recently uploaded (20)

PPTX
Role and Responsibilities of Bangladesh Coast Guard Base, Mongla Challenges
PPTX
Introduction to Effective Communication.pptx
PPTX
Non-Verbal-Communication .mh.pdf_110245_compressed.pptx
PPTX
Tour Presentation Educational Activity.pptx
PPTX
Self management and self evaluation presentation
PDF
Parts of Speech Prepositions Presentation in Colorful Cute Style_20250724_230...
PPTX
nose tajweed for the arabic alphabets for the responsive
PPTX
Intro to ISO 9001 2015.pptx wareness raising
PPTX
INTERNATIONAL LABOUR ORAGNISATION PPT ON SOCIAL SCIENCE
PPTX
The Effect of Human Resource Management Practice on Organizational Performanc...
PDF
Why Top Brands Trust Enuncia Global for Language Solutions.pdf
PPTX
_ISO_Presentation_ISO 9001 and 45001.pptx
PPTX
Impressionism_PostImpressionism_Presentation.pptx
PDF
oil_refinery_presentation_v1 sllfmfls.pdf
PPTX
Presentation for DGJV QMS (PQP)_12.03.2025.pptx
PPTX
BIOLOGY TISSUE PPT CLASS 9 PROJECT PUBLIC
PDF
Nykaa-Strategy-Case-Fixing-Retention-UX-and-D2C-Engagement (1).pdf
PPTX
AcademyNaturalLanguageProcessing-EN-ILT-M02-Introduction.pptx
PPTX
Human Mind & its character Characteristics
PPTX
Learning-Plan-5-Policies-and-Practices.pptx
Role and Responsibilities of Bangladesh Coast Guard Base, Mongla Challenges
Introduction to Effective Communication.pptx
Non-Verbal-Communication .mh.pdf_110245_compressed.pptx
Tour Presentation Educational Activity.pptx
Self management and self evaluation presentation
Parts of Speech Prepositions Presentation in Colorful Cute Style_20250724_230...
nose tajweed for the arabic alphabets for the responsive
Intro to ISO 9001 2015.pptx wareness raising
INTERNATIONAL LABOUR ORAGNISATION PPT ON SOCIAL SCIENCE
The Effect of Human Resource Management Practice on Organizational Performanc...
Why Top Brands Trust Enuncia Global for Language Solutions.pdf
_ISO_Presentation_ISO 9001 and 45001.pptx
Impressionism_PostImpressionism_Presentation.pptx
oil_refinery_presentation_v1 sllfmfls.pdf
Presentation for DGJV QMS (PQP)_12.03.2025.pptx
BIOLOGY TISSUE PPT CLASS 9 PROJECT PUBLIC
Nykaa-Strategy-Case-Fixing-Retention-UX-and-D2C-Engagement (1).pdf
AcademyNaturalLanguageProcessing-EN-ILT-M02-Introduction.pptx
Human Mind & its character Characteristics
Learning-Plan-5-Policies-and-Practices.pptx

GDPR Part 5: Better Together Quest & Cyberquest

  • 2. SECURITY AND COMPLIANCE IMPACT 2 2 88% 63,437 80% 64% Of data braches are caused by human error and system problems 365 days Organizations need to be compliant and maintain internal policies 75% Of organizations have to adhere to more than one compliance or departmental requirement 1 in 5 Customers would stop doing business with a bank, credit card co. or retailer after a security breach 62% Of organizations are unaware of security breaches and non-compliance for months 930 Million The number of data breaches since 2005 Of threats come from privilege insiders Threats across organizations in 2014 Of Cyber-espionage is done through internal systems www.qeast.ro
  • 3. TECHNICAL CHALLENGES 3 3 Event logs Point products IT Data Analytics Security • Retention requirements for compliance are long • Noisy, cryptic, incomplete data • Vulnerable to manipulation • Storage is expensive • Lack of integration • Too many data silos • Too many GUIs • Security gaps • No comprehensive view of “who has access” and “who did what” • Inability to take action on suspicious user activity and patterns. • Difficult to search & maintain massive amounts of data • Data resides on disparate, heterogeneous networks www.qeast.ro
  • 4. 5 IT AUDITING & COMPLIANCE MISTAKES ORGANIZATIONS MAKE Lack of visibility into who is doing what in application silos. Underestimating user & organizational impact. Inconsistent or absence of a GRC strategy. Inadequate data protection. 1 2 3 4 Failure to plan and manage external and internal audits.5 www.qeast.ro
  • 5. WHAT IF YOU COULD… 1 With one view answer: who has access, how was it obtained, and how was it used – all in real time? 2 Complete investigations with full-text search of critical IT data and its relation to users and events? 3 Report on user activity for internal investigations and compliance? 4 Be alerted on violations, malicious activity and suspicious trends as they happen? 5 Automate and secure collection of log data from disparate platforms without needing expertise? 6 Save expensive storage space and maintain compliance by storing event logs in a compressed, encrypted format? 7 Troubleshoot and pinpoint problems should an incident occur for operational visibility? 8 Improve insight and communication across teams with flexible reporting? 9 Eliminate information security silos with integration for SIEM solutions? 10 Leverage security and auditing solutions already in place? www.qeast.ro
  • 6. GAIN IT INSIGHTS WITH ON-THE-FLY INVESTIGATIONS 6 6 Correlate disparate IT data Review incidents quickly Investigate Dynamically www.qeast.ro
  • 7. AUTOMATE, ARCHIVE AND SECURE EVENT LOGS 7 7 Real time log collection Archive, normalize and categorize Secure events before they’re sent www.qeast.ro
  • 8. IMPROVE IT DATA ANALYTICS 8 8 Single pane of glass SIEM integration Diverse systems support www.qeast.ro
  • 9. COVERING THE SIX COMPLIANCE “W” 9 9 Who made the change? When the change was made? Why the change was made? (Comment) Where the change was made from? What object was changed (before and after)? Workstation where the request originated? www.qeast.ro
  • 10. DEDICATED AUDIT FOR CRITICAL PLATFORMS 10 10  AD, LDAP,Exchange,SharePoint,SQLServer, WindowsNTFS  Windowslogons,Defender, AuthenticationServices, Safeguard  Registry,services  Localusersandgroups  SkypeforBusiness  WindowsAzure,Office365,OneDrive  VMwarevCenter  NetApp,EMC, FluidFS, CloudStorage www.qeast.ro
  • 11. ACTIVE DIRECTORY AUDIT: ADMINISTRATIVE ACTIONS 11 11 www.qeast.ro
  • 12. ACTIVE DIRECTORY AUDIT: USER ACTIONS 12 12 www.qeast.ro
  • 13. ACTIVE DIRECTORY AUDIT: CRITICAL OBJECTS PROTECTION 13 13 www.qeast.ro
  • 14. MICROSOFT EXCHANGE AUDIT: OWNER AND NON-OWNER ACTIVITY 14 14 www.qeast.ro
  • 15. WINDOWS NTFS AUDIT: USER ACTIONS 15 15 www.qeast.ro
  • 16. WINDOWS NTFS AUDIT: CUSTOM TEMPLATES 16 16 www.qeast.ro
  • 17. SQL SERVER AUDIT: SUPPORT FOR ANY VERSION 17 17 www.qeast.ro
  • 18. SQL SERVER AUDIT: DETAILED EVENTS 18 18 Captures the analyzed query www.qeast.ro
  • 19. SQL SERVER AUDIT: BEST PRACTICES TEMPLATE 19 19 • Add DB User • Add Login • Add Login to server role • Add Member to DB role • Add Role • Change Database Owner • Change Member in DB Role • Create database • Delete database • Delete DB user • Delete Login • Delete Login from Server role • Delete member from DB role • Delete Role • Grant database access to DB user • Revoke database access from DB user 397 SQL events included in the template www.qeast.ro
  • 20. SHAREPOINT AUDIT: CUSTOM TEMPLATES 20 20 www.qeast.ro
  • 21. SHAREPOINT AUDIT: CUSTOM TEMPLATES 21 21 www.qeast.ro
  • 22. SHAREPOINT AUDIT: DETAILED USER ACTIVITY 22 22 www.qeast.ro
  • 23. VMWARE AUDIT: ADD-ON TO ALL LICENSING OPTIONS 23 23 www.qeast.ro
  • 24. IN 2016 SECURITYCURRENT.COM RELEASED A RESEARCH 25 CISOs identified the biggest security challenges for the new year  The ability to detect and manage an incident  Securing personally identifiable information records from cyber attacks  Building a pervasive security culture at employee level  Conversion of the traditional end-point protection into technologies that can counteract ransomware  Reduce breach detection times and close all digital doors  Transform the role of the CISO from business solution providers to leaders and protectors  Manage cyberthreats in the IoT world  Accelerate the adoption of simple things: asset inventory, implement strong admin and user authentication, device encryption, backup etc.  Elevate the “state of IT security” and communicate the right information to leadership  Focus on compliance standards implementation 24 http://www.securitycurrent.com/en/ciso_journal/ac_ciso_journal/cisos- identify-the-biggest-security-challenges-as-they-enter-the-new-year www.qeast.ro
  • 25. REAL LIFE APPLICATION OF THOSE CONCERNS 25 Capture ATP Intrusion Prevention Intrusion Detection www.qeast.ro
  • 26. THE BIGGEST SECURITY CHALLENGE IN THE WORLD TODAY 26 “...a wealth of information creates a poverty of attention...” ― Herbert A. Simon “In the Information Age, the first step to sanity is FILTERING. Filter the information: extract for knowledge.” ― Marc Stiegler Where is the knowledge we have lost in information? ― T. S. Eliot www.qeast.ro
  • 27. THE BIGGEST SECURITY CHALLENGE IN THE WORLD TODAY 27 IDC predicts that, by 2020, organizations that analyze all relevant data and deliver actionable information will achieve extra $430 billion in productivity gains over their less analytically oriented peers. Fast, accurate security insights that lead to better business decisions It’s hard to deliver business value when you’re dealing with data that’s: • Poor quality or incomplete • Stale • Siloed in dozens of unconnected applications • Drawn from external sources that you don't control www.qeast.ro
  • 28. THIS IS WHY WE CREATED CYBERQUEST A high performance investigation and analytics tool with contextual, industry-specific dashboards: all in one place, in real time, to enhance the value of your existing security setup One Single View over All Events High-speed event search Real-time Alerts Enabling immediate measures Industry-specific Dashboards Rapid decision making among infinite data logs Predefined Scheduled Reports For compliance and reduced internal effort Fast Deployment 30 minutes - 4 hours, depending on the customer’s complexity www.qeast.ro
  • 29. SECURITY ANALYTICS PLATFORM  Precise identification of security incidents through innovative multi-SIEM/multi-platform data correlation  Real-time / schedule based connectivity to classical SIEM systems for data feeds  Embedded reports to validate control efficiency and effectiveness for frameworks and standards: ISO 27001, COBIT, FISMA, HIPPA, PCI/DSS, SOX  And more… www.qeast.ro
  • 30. HIGH LEVEL CAPABILITIES  Pre-configured connectors for a wide number of industry standard platforms: operating systems, ODBC databases, communications platforms, network devices, firewalls, IDS/IPS and database security solutions, SIEMs  JavaScript based event log parsing  NetFlow integration  Report packs for multiple technologies and compliance standards  Advanced Event Browser  Unlimited data storage that is compressed, encrypted and digitally signed  Unlimited number of nodes and scalability for all components (data collection, data parsing, data storage)  Full Cisco support and Unified Event Bus  Full support for Quest Change Auditor, One Identity Safeguard and SonicWall firewalls  Biometric security data integration www.qeast.ro
  • 31. ONGOING DEVELOPMENT AND INTEGRATION  Over 100 supported technologies from the initial 12  Focus on security analytics and business insights  Scaled up from 25,000 EPS to over 200,000  Scaled up from 2TB of repository data to over 20TB and queries response from tens of minutes to <5 minutes  Added built-in compliance for COSO and FIEL and reshaping the existing report packs  Added case management module  New modules for internal security evaluation and response: identity theft (biometrics and identity solutions integration, internal fraud)  New dedicated connectors for unified communications and distinct security platforms  New data collection, data parsing and data storage processors  New user interface for extended visibility into business processes  GDPR compliance dashboards and reports Version 2.5 is already in production since May 2018 www.qeast.ro
  • 32. ENTERPRISE SECURITY: END-TO-END AUDIT AND COMPLIANCE Graphical anomaly analyzer starting from one single exception event Correlation between tens of millions of events in seconds User-defined alerts for the most specific event requirements Intensive industry-specific expertise for high visibility and compliance Integration with physical security systems and correlation of data logs with real life events Based on synthesized results displayed into graphical intuitive charts www.qeast.ro
  • 33. ANAF INTEGRITY DIVISION Criminal investigations over ANAF applications ANAF’s Integrity Division was created as an internal team of police officers with the single purpose of gathering and investigating proofs of criminal activity performed by ANAF’s personnel, as part of standard prosecuting procedure. The biggest challenge was to have the ability of search and correlate information produced by more 160 financial applications developed in the past 20 years, and used by more than 25,000 employees, in order to provide the required evidences of criminal activity. They needed a solution that could extract data from all 160 applications, using more than 100 distinct connectors, and counting hundreds of thousands of records each day. The data had to be kept online for 6 months, and archived for the next 5 years. As an extra, the requirements were valid for all data that is currently in ANAF’s silos, some dating back to 2003. Execution time: 5 months. We qualified Smart Investigator together with the Internal Fraud module and Quest Compliance Suite and were able to meet all demands in the proper time, including the tight budget, due to the product’s easiness in creation of new connectors, new dashboards and new reports, but also by taking benefit of the good analytics capabilities that allowed for the proper correlation and display of extremely heterogeneous data. The extreme compression abilities and no-sql search capabilities allowed for maximization of the minimal requirements, and at this moment the solution is able to keep online 1 years of data, while archiving for 10 years. Extracting and making available data from archives takes less than 24 hours, in case of need. Reports can be produced in minutes, and investigations can be performed in near real-time across all online silos, no matter the level of depth. 33 www.qeast.ro
  • 34. ANAF INTEGRITY DIVISION INVESTIGATION
  • 35. VODAFONE ROMANIA: Internal audit, security analytics and fraud management
    Vodafone has a long history of using Q-East Software solutions to manage compliance over its systems and custom applications. The company uses a global SIEM provider to monitor the external security level, and a local deployment for internal audits. In past years, the Security Department also implemented several other security platforms over network, databases and applications. The main challenge came when the Business decided to unify operational activity over all security applications and correlate it with insights from the SIEM and internal audit in order to have the big compliance picture. In addition, they reshaped the fraud management platform and decided to implement a unified solution that can handle all of the above. All data needed to be enhanced with information from custom applications. Smart Investigator was the solution of choice following an internal PoC that took over 6 months, with more than 100 customizations implemented to address custom loads.
    Customer benefits:
    • Multi-SIEM/multi-platform data correlation using unique algorithms
    • Fast search over millions of aggregated events in seconds
    • Over 100k EPS processed in real time from security platforms
    • Real-time, no-impact connectivity to SIEM and security applications
    • Synthetic results presented in diagrams designed to support the decision process
    • Built-in reports customized to support ISO 27001, COBIT, PCI DSS and SOX compliance over all integrated platforms
    • User-defined alerts for any new request
  • 36. VODAFONE ROMANIA INTERNAL FRAUD ANALYTICS
    • Data aggregation from custom applications and fraud identification
    • Setting summary alerts based on identified fraud cases
    • Alerting based on the defined scenario and adding fraudulent events
    • Pinpointing the person responsible for the fraud

Editor's Notes

  • #2: Thank you for your time today. As I will demonstrate, I believe your time is critical to you and your organization. I'd like to introduce you to our organization, talk about how we help thousands of customers like you, and learn more about how we can help you with your specific challenges.
  • #3: Even privileged users need to be audited! Source: 2014 Verizon Data Breach Investigations Report. Random HIPAA audits are being conducted this fall for healthcare, and audits in January 2015 for organizations that deal with healthcare in some way. PCI 3.0 is mandated and enforced in January 2015. Top 2014 data breaches: JPMorgan, eBay, Michaels Stores, Variable Annuity Life Insurance, Spec's, St. Joseph Health System.
  • #5: NOTE to Presenter: GRC = Governance, risk management and compliance
  • #7: Correlate disparate IT data from numerous systems and devices into an interactive search engine for real-time search, analysis and reporting. Pass audits and review security incidents in less time and with more confidence. Receive real-time alerts on unauthorized and suspicious user activity. Start investigations into users, groups, shares, files or events and quickly pivot into other views as new details emerge for a more complete investigation.
  • #8: Real time — Automate the collection of event logs across servers, network devices and workstations for immediate availability. Archive — Archive and normalize data. Conduct full-text search on long-term event log data for compliance and security purposes in a highly compressed and indexed online repository, saving storage costs and time spent searching for events. Secure — Create a cached location on each remote server where logs can be duplicated as they are created, preventing a rogue user or administrator from tampering with the audit log evidence.
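The "Secure" point above relies on a duplicate of each log line being written to a cache the administrator cannot silently alter. The following is an added example, not code from the deck or from the Quest/Q-East products, showing one way to make such a cache tamper-evident: each cached entry is bound to the previous one with a SHA-256 hash chain, and the latest chain hash (the "head") is shipped to the central collector as batches are written. The event lines, the `ChainedLogCache` class and the `verify_chain` function are all constructed for this illustration.

```python
# Added example (not from the original deck): a tamper-evident local cache
# for audit-log lines, using a SHA-256 hash chain plus a "head" value that is
# shipped to the central collector as each batch is written.
import hashlib
from typing import List, Optional, Tuple

GENESIS = "0" * 64  # chain anchor for the first entry (constructed constant)


def chain_hash(prev_hash: str, record: str) -> str:
    """Hash of this record bound to the hash of the previous entry."""
    data = prev_hash.encode("utf-8") + b"\n" + record.encode("utf-8")
    return hashlib.sha256(data).hexdigest()


class ChainedLogCache:
    """Append-only duplicate of the audit log kept beside the live log file.

    Every entry is (record, hash), where hash covers the previous entry's hash,
    so editing, deleting or reordering any earlier entry breaks every later hash.
    """

    def __init__(self) -> None:
        self.entries: List[Tuple[str, str]] = []

    def append(self, record: str) -> str:
        prev = self.entries[-1][1] if self.entries else GENESIS
        digest = chain_hash(prev, record)
        self.entries.append((record, digest))
        return digest

    def head(self) -> str:
        """Latest hash; sent to the collector so truncation of the tail is visible."""
        return self.entries[-1][1] if self.entries else GENESIS


def verify_chain(entries: List[Tuple[str, str]],
                 collector_head: Optional[str] = None) -> Tuple[bool, Optional[int]]:
    """Recompute the chain. Returns (ok, index of the first bad entry).

    A mismatch against collector_head with an otherwise consistent chain means
    entries were removed from the end (reported as index == len(entries)).
    """
    prev = GENESIS
    for i, (record, digest) in enumerate(entries):
        if chain_hash(prev, record) != digest:
            return False, i
        prev = digest
    if collector_head is not None and prev != collector_head:
        return False, len(entries)
    return True, None


# Constructed sample event-log lines (not real data).
SAMPLE_EVENTS = [
    "2024-05-01T10:00:01Z host=srv01 event=4624 user=alice status=success",
    "2024-05-01T10:00:07Z host=srv01 event=4672 user=alice privileges=SeDebugPrivilege",
    "2024-05-01T10:00:09Z host=srv01 event=1102 user=alice action=audit_log_cleared",
    "2024-05-01T10:00:15Z host=srv01 event=4634 user=alice status=logoff",
]


def demo() -> dict:
    """Build a cache, then check three tampering scenarios against it."""
    cache = ChainedLogCache()
    for line in SAMPLE_EVENTS:
        cache.append(line)
    collector_head = cache.head()  # what the central collector recorded

    results = {"intact": verify_chain(cache.entries, collector_head)}

    # Case 1: entry 2 (the log-cleared event) is rewritten in place.
    edited = list(cache.entries)
    edited[2] = (edited[2][0].replace("audit_log_cleared", "noop"), edited[2][1])
    results["edited"] = verify_chain(edited, collector_head)

    # Case 2: the last entry is deleted; the chain is internally consistent
    # but the head no longer matches what the collector holds.
    truncated = cache.entries[:-1]
    results["truncated"] = verify_chain(truncated, collector_head)

    # Case 3: same deletion, but no off-host head to compare against.
    results["truncated_no_witness"] = verify_chain(truncated)
    return results


if __name__ == "__main__":
    for name, (ok, bad) in demo().items():
        print(f"{name}: {'ok' if ok else f'TAMPERED at entry {bad}'}")
```

The third case is the caveat: a hash chain alone only proves internal consistency, and a user who can rewrite the whole cache can recompute every hash. The protection comes from the head value leaving the host promptly, which is why the cache must be forwarded to the collector as records are created rather than verified only on the server where they were produced.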
  • #9: Single pane of glass: Search data from Dell Enterprise Reporter and Change Auditor to improve security, compliance and operations while eliminating information silos from other tools. SIEM integration: Forwards log data collected from Windows servers and network devices to a SIEM solution of your choice. Diverse systems support: Get a unified and normalized view (who, what, when, where, workstation) into event log data from Windows, Unix/Linux, network devices, custom text logs and more.
  • #26: This is your typical or atypical organization 20 years ago, all going smoothly (1). Suddenly threats start to come in, cyber-security becomes a buzzword, and depending on the profile of your organization you have to deal with various concerns, all related to security (2). First you choose a good firewall, let's say CheckPoint (3). Then you learn that a best practice is to have sandwiched perimeter protection from two different vendors, and you choose SonicWall because of the 2 mil. sensors worldwide GRID for zero-day protection (4), and because it also has APT (5). Despite these, email security becomes a concern because email servers cannot filter spam and phishing by themselves. You choose either leading solution on the market (6). Your employees access applications on the web and vice versa (relations to partners, form filling etc.); IDS and IPS become a must (7). Your organization has employees and computers (8) that need to be managed and protected; you choose from the distinguished representatives here, Kace and Kaspersky (9). You also have a datacenter with servers, databases and applications (10) that need to be managed and protected; you choose Ivanti, Cisco, F5 and Quest VROOM (for end-to-end application performance management and data protection) (11). This datacenter also needs to be secured against outside access, at the database and web application layer; F5 and Imperva win the bid (12). Fortinet proves to be the best scalable choice to link your HQ, employees and datacenters with a third-layer firewall (13). How about the Board of Directors? (14) They want insight from the applications. Informatica. Buzzwords MDM and ILM (15). Your organization also uses the cloud, and they need an MDM sync between on-premise data stores and the cloud, let's say Salesforce (16). The Board of Directors decides security has a huge impact on business. You need to give them a SIEM tool for the cloud and on-premise business layer; if Ivanti was the choice for management, QRadar follows (17). Have you heard of GDPR? Yes, it's near (18). Make sure data privacy is implemented in your organization: Blancco and Symantec DLP (19). Business processes are tuned up: OneIdentity (20). But you also need to prove compliance: Quest Compliance and ArcSight. Yes, another SIEM tool.
  • #29: More capabilities: Precise and easy identification of incidents through multi-SIEM, multi-platform correlation. Real-time or schedule-based connectivity to classic SIEM systems. Compliance reports for specific and common standards: ISO 27001, COBIT, FISMA, HIPAA, PCI DSS, SOX. For: log analysis, intrusion detection, fraud alerting in applications, multi-SIEM data correlation, correlation of network-zone data with applications/infrastructure.
  • #31: More capabilities: Precise and easy identification of incidents through multi-SIEM, multi-platform correlation. Real-time or schedule-based connectivity to classic SIEM systems. Compliance reports for specific and common standards: ISO 27001, COBIT, FISMA, HIPAA, PCI DSS, SOX. For: log analysis, intrusion detection, fraud alerting in applications, multi-SIEM data correlation, correlation of network-zone data with applications/infrastructure.
  • #32: NOTE to Presenter: Close to 1 mil. EUR in contracted value since September 2016!