Emrah Alpa
Sr. Product Manager | ArcSight
Security, Risk & Governance
Security, Risk & Governance Portfolio – High Level
DATA GOVERNANCE &
PROTECTION
APPLICATION
SECURITY
IDENTITY & ACCESS
MANAGEMENT
ENDPOINT
SECURITY
SECURITY
OPERATIONS
INFORMATION
ARCHIVING
ANALYTICS & MACHINE LEARNING
BDDK <-> Micro Focus Products Matrix
BDDK
Article 11
Article 16, 24
Article 11, 13, 18
Article 24
• NetIQ Identity Management
• NetIQ Privileged Account Mgmt. (PAM)
• Fortify
• ArcSight (Next-Gen SecOps) SIEM & SOAR
• Interset (Machine Learning, UEBA)
• Voltage
Article 9
• Data Discovery
• File Analysis Suite
Our commitment to you @ Micro Focus SRG
Stronger
Together
As-a-Service
Analytics
Everywhere
Lowering
Time to Value
IDOL
ArcSight
Next-Gen Security Operations
It’s not about…
correlation, hunt,
behavioral analytics,
machine learning…
SOME
Unknown
Attack
Vectors
SOAR
Identity
Known
Attack
Vectors UEBA
DEFENSE-
IN-DEPTH
MISP
CRCL
SIGMA
MITRE
ATT&CK
MATRIX
Industry-recognized,
Crowd-Sourced
Defense Framework
Open Source
Threat Intel
Crowd-Sourced SIEM
Detection Logic
Crowd-Sourcing the Defenses
Secure
Electronic
Banking
Cyber Shield
Secure ATM
Cyber Shield
Secure
Payment
Processing
Cyber Shield
Secure Point of
Sales
Cyber Shield
MITRE ATT&CK
Bake off
Financial Services
Go to Market
Exchange
Go to Market
Oil and Gas
Go to Market
Retail
Go to Market
Long Arc
What
ArcSight participates in MITRE ATT&CK Evaluations Round #3
Threat Actors:
FIN7 & Carbanak
FIN7 is the most known Finance-targeting Threat Actor on the planet
Taken from Nationwide’s “Using Threat Intelligence to Focus ATT&CK Activities” presentation @ MITRE ATTACK Con 2.0 – October 29, 2019
Billy the Kid
(1870’s)
Photo credit: www.rogerebert.com
FIN7 Threat Actor
(2015 - ?)
Photo credit: FireEye
FIN7 is the most known Finance-targeting Threat Actor on the planet
Taken from Nationwide’s “Using Threat Intelligence to Focus ATT&CK Activities” presentation @ MITRE ATTACK Con 2.0 – October 29, 2019
Carbanak – the Greatest Heist of the Century: $1 bln stolen
Become the Leader
by taking the road less travelled
Fortify
App Security for Modern Dev
The Dream
“I want scans in under a minute with ZERO
false positives and ZERO false negatives”
Secure applications
Full Integration Actionable Results Fast, Accurate Scans
Where do you begin?
• Find and fix vulnerabilities
early in the development
process
• Identify and prioritize
vulnerabilities in existing
applications
• Automate security testing
Plan/Govern
Operate/Monitor Deploy/Release
Develop/Test
Agile Development
Continuous Integration
Continuous Delivery
Product
• Find and fix vulnerabilities
early in the development
process
• Identify and prioritize
vulnerabilities in existing
applications
• Automate security testing
Micro Focus can help
Reduced noise
Open Source Audit Assistant ScanCentral
Fortify CI
DigiTrans develops their own
applications
One of the attacks used
vulnerabilities in their web
applications
The CISO wants to:
Find potential vulnerabilities and
fix them before deployment
Identify any other vulnerabilities
within applications
NetIQ
ZeroTrust Security
Identity and Access Management
Building blocks of Trusted Access
DO NOT ASSUME TRUST LEVERAGE CONTEXT
LEAST PRIVILEGE IDENTITY ASSURANCE
When you move…
First thing? Get the
internet working!
You sign, sign,
sign
They give you
the keys
But what about the cable guy?
DO NOT ASSUME TRUST
CONFIRM CONTEXT
VERIFY CREDENTIALS
LIMITED ACCESS
Security maturity curve
TRUST
VERIFY
RECOGNIZE
Assumed Trust Zero Trust Adaptive Intelligence
Securing the perimeter
• Network centric view
• Inside vs. outside
• Security silos
Evaluating what is appropriate
• Granular risk-based controls
• Continuous evaluation of
assurance & entitlements
Dynamic identity context
• Data-driven approach
• Machine learning and
artificial intelligence
• Real-time remediation
Zero Trust is a philosophy
Zero Trust is a process
Zero Trust always asks ‘is this appropriate?’
LEAST
PRIVILEGE
IDENTITY
ASSURANCE
LEVERAGE
CONTEXT
DO NOT
ASSUME
TRUST
Technology highlights
Identity and Access (NetIQ)
Available today
▪ Enforce appropriate access
Upcoming innovations
▪ Universal policy orchestration
▪ Evaluate current risk
▪ Multifactor authentication
▪ Decide who can access what
▪ Enhanced identity proofing
▪ Behavioral analytics
▪ Zero Trust cloud platform
Where do you begin?
• Implement Multi-Factor
Authentication
• Ensure authorized access
• Establish appropriate roles
• Move the organization toward
a least privilege model of
access
Challenge
‒ Prevent data and intellectual
property loss by establishing data
recognition capabilities
‒ GDPR, KVKK, CCPA
Names
Date of Birth
Postal Code
Addresses
Telephone Number
Passport Number
Driving License Number
National ID Number
TIN (Tax Identification
Number)
National Healthcare ID
number
Health/Medical Terms &
Conditions
Business IDs
Additionally PHI, PCI and PSI
Entity extraction and Classification - DLP, PII, DSAR
Result
‒ Helps eliminate 90% of data risk
and fosters user behavior
changes
‒ Allows organizations to classify
and guard their valuable data
assets, which enhances their
reputations and trustworthiness
‒ Strengthens organizations’
security risk profiles and security
return on investment
‒ Enables analysis of structured
and unstructured data and
risk/trend reporting to prevent
data and intellectual property
loss
“If you want to protect your data, you must know what comprises
your inventory of important assets. We rely heavily on the IDOL
technology for helping us classify data. Our IDOL solution is a key
part of the data protection puzzle.”
MARCUS BROWN
Vice President of Corporate Business Development
Digital Guardian
Thank you

Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Finance Industry
