audit - All Articles - CISO Platform2024-03-29T15:50:18Zhttps://www.cisoplatform.com/profiles/blogs/feed/tag/auditChecklist to Evaluate A Cloud Based WAF Vendorhttps://www.cisoplatform.com/profiles/blogs/checklist-to-evaluate-a-web-application-firewall2014-07-03T19:30:00.000Z2014-07-03T19:30:00.000Zprithahttps://www.cisoplatform.com/members/pritha<div><p align="center" style="text-align:left;"><a href="http://www.cisoplatform.com/profiles/blogs/checklist-to-evaluate-a-web-application-firewall" target="_blank"></a>These days’ web applications are under siege. Commercially motivated Hackers, bots, and fraudsters are attacking around the clock, attempting to steal data, disrupt access, and commit fraud which today’s next generation firewall, IPS and other network security product are unable to safeguard. So in order to prevent breaches and downtime against web attacks, DDoS, site scraping and fraud we have introduced cost effective, in the cloud, Security as a Service (SaaS) based Web Application Firewall Service. The Solution is deployed in a reverse proxy mode so one just needs to route web traffic through Application Firewall which will mitigate web attacks & threats in real time and send out clean traffic back to web server.</p>
<p>( Read more: <strong><a href="http://www.cisoplatform.com/profiles/blogs/captivating-new-insights-into-hbb-tvs">Can your SMART TV get hacked?</a></strong> )</p>
<p></p>
<p><em><span class="font-size-4">Check-list for Vendor Evaluation:</span></em></p>
<p><strong>1. Deployment Architecture & Mode of Operation</strong></p>
<ul>
<li>Active/Inline, Passive, Bridge, Router, Reverse Proxy etc.</li>
<li>How the SSL traffic is processed & offloading done, whether it terminates SSL connections, passively decrypts traffic etc.</li>
<li>What Authentication method used to validate users/customers</li>
<li>High Availability, Redundancy & Scalability</li>
<li>Protect Multiple Website Behind Single IP</li>
</ul>
<p> </p>
<p><strong>2. Connection Handling & Traffic Processing</strong></p>
<ul>
<li>How the traffic is blocked – Drop Packet, TCP Reset etc.</li>
<li>HTTP versions, Encoding & File transfer Support</li>
<li>Any other protocol support</li>
<li>Response Filtering</li>
</ul>
<p> </p>
<p><strong>3. Detection Technique</strong></p>
<ul>
<li>Normalization technique used</li>
<li>Negative Security Models</li>
<li>Positive Security Models</li>
<li>Minimal False Positives</li>
<li>Signature/Rule Database</li>
<li>How frequently Database is updated</li>
<li>Is APIs available to customize or extend vendor’s detection functionality</li>
<li>Virtual Patching</li>
<li>Fraud Detection</li>
<li>Business Logic Attacks</li>
</ul>
<p>( Read more: <strong><a href="http://www.cisoplatform.com/profiles/blogs/technology-implementation-status-in-various-top-verticals-india">Security Technology Implementation Report- Annual CISO Survey</a></strong> )<b><br /></b></p>
<p></p>
<p><strong>4. Protection Technique</strong></p>
<ul>
<li>Brute Force Attacks</li>
<li>Cookie based Attacks</li>
<li>Session or Denial of Service Attacks</li>
<li>Hidden Form field Protection</li>
<li>Cryptographic URL & Parameter Protection</li>
<li>Reputation-Based Service</li>
<li>External Intelligence Feed, threat landscape etc.</li>
<li>Protection against Application DDoS</li>
<li>Protection against OWASP Top 10</li>
</ul>
<p> </p>
<p><strong>5. Logging</strong></p>
<ul>
<li>Which commonly used logs are supported</li>
<li>Log Forwarding to Syslog or SIEM</li>
<li>Unique transaction IDs are included with every log message</li>
<li>Log Export facility</li>
<li>Event logs and notification via Email, SMS, Syslog support, SNMP Trap etc.</li>
<li>Log Retention</li>
<li>Sanitization or Masking Critical Data from the logs</li>
</ul>
<p> </p>
<p><strong>6. Reporting</strong></p>
<ul>
<li>Reporting Format Supported</li>
<li>On Demand report generation, automation & scheduling</li>
<li>Report Customization</li>
<li>Report distribution methods available</li>
<li>Customized Block Page Display Message</li>
<li>Compliance Reports</li>
</ul>
<p> </p>
<p><strong>7. Management</strong></p>
<ul>
<li>GUI – Web Based</li>
<li>Multi-Tenancy, RBAC & Secure Administration</li>
<li>Centralized Dashboard, Alerts & Reporting</li>
<li>Support of External APIs</li>
<li>Integration with existing infrastructure</li>
<li>Integration with Vulnerability Scanner, SIEM, DLP etc.</li>
<li>Configuration Management & Backup</li>
<li>Automatic signature update and Install</li>
<li>Profile Learning</li>
<li>Policy Management, Export/Import, Roll back mechanism,</li>
<li>WAF Security</li>
</ul>
<p> </p>
<p><strong>8. Performance</strong></p>
<ul>
<li>HTTP level performance</li>
<li>HTTP level performance with SSL enabled</li>
<li>Maximum number of concurrent connections</li>
<li>Performance under Load</li>
<li>Fail-Safe & Pass through when device fails</li>
</ul>
<p>( Read more: <strong><a href="http://www.cisoplatform.com/profiles/blogs/sneak-peek-into-the-future">Hardware Trojans: Sneak Peek into the Future</a></strong> )</p>
<p></p>
<p><strong>9. Support</strong></p>
<ul>
<li>24*7*365 Support Available</li>
<li>Quality of technical support</li>
<li>Support presence in local City, Country etc.</li>
<li>Direct Support or Partner</li>
<li>SLA, TAT, Escalation Matrix etc.</li>
</ul>
<p> </p>
<p><strong>10. Cost</strong></p>
<ul>
<li>Initial cost</li>
<li>Setup & Implementation Cost</li>
<li>Recurring subscription costs</li>
<li>Patch Update & Upgrade Cost</li>
<li>Any other hidden cost</li>
</ul>
<p> </p>
<p><strong>11. Vendor Reputation</strong></p>
<ul>
<li>Market share, Turnover, Profitability</li>
<li>Any certification like ICSA Labs etc.</li>
<li>Enable PCI 6.6 compliance requirement</li>
<li>Listed by any IT research company like Gartner, Forrester, IDC etc.</li>
<li>Customer Base</li>
<li>Any customer implementation similar to your line of business</li>
</ul>
<p> </p>
<p><em><em>-With Yadavendra Awasthi, Netmagic Solutions Pvt. Ltd., on How To Evaluate a WAF(Web Application Firewall) Vendor <a href="http://ctt.ec/O02fm" target="_blank">ClickToTweet</a></em></em></p>
<p><em>What are your quick tips to evaluate WAF vendors? Share with us in the comments below or write your own article <strong><a href="http://www.cisoplatform.com/profiles/blog/new" target="_blank">here</a></strong> </em><em><br /></em></p></div>SIEM Tools: Implementation Guide and Vendor Evaluation Checklisthttps://www.cisoplatform.com/profiles/blogs/siem-tools-implementation-guide-and-vendor-evaluation-checklist2014-09-16T13:00:00.000Z2014-09-16T13:00:00.000Zprithahttps://www.cisoplatform.com/members/pritha<div><p> </p>
<p><span class="font-size-4">Current Project Synopsis:</span></p>
<ul>
<li>Responsible for Information Security of next generation mobile and fixed broadband networks (LTE/WiFi/FTTx) with All-IP networks over a cloud based framework for B2C/B2B markets connecting 200 Million 4G LTE, 50 Million Wifi/FTTx subscribers in top 800 cities of India</li>
<li>Jio’s seamless 4G services using FDD-LTE on 1800 MHz and TDD-LTE on 2300 MHz through an integrated ecosystem, aims to provide unparalleled high quality access to innovative and empowering digital content, applications and services.</li>
</ul>
<p>According to Verizon 2013 data breach report, 84% of exploits & 69% of data exfiltration happens in less than an hour so it’s very critical to have situational awareness i.e. visibility into activities occurring around the enterprise. Proper deployment of next generation SIEM (Security Information & Event Management) tools helps to detect attacks sooner and as a result react more nimbly.</p>
<p>SIEM solutions provide enterprises with network security intelligence and real-time monitoring for network devices, systems, and applications. Using SIEM solutions, IT administrators can mitigate sophisticated cyber attacks, identify the root cause of security incidents, monitor user activity, thwart data breaches and most importantly, meet regulatory compliance requirements.</p>
<p>Most organization think that SIEM solutions have a steep learning curve and are expensive, complex and hard to deploy. Here are few SIEM deployment guidelines and factors you need to consider while evaluating an SIEM Tool. The right SIEM solution is one that can be easily deployed, is cost-effective and meets all your IT security needs with a single tool.</p>
<p>(Read more: <strong><a href="http://www.cisoplatform.com/profiles/blogs/checklist-to-evaluate-a-web-application-firewall">Checklist to Evaluate A Cloud Based WAF Vendor</a>)</strong></p>
<p><br /> <span class="font-size-4">SIEM Deployment Guidelines</span></p>
<p>1. Know what is important to security</p>
<ul>
<li>Security Events</li>
<li>Network Flows</li>
<li>Server & Application Logs</li>
<li>Database Activity</li>
<li>Application Contents</li>
</ul>
<p>2. Know what is important to compliance</p>
<ul>
<li>Identity Content</li>
<li>Classification of data</li>
<li>Access to data</li>
<li>Usage of data</li>
</ul>
<p> </p>
<p><br /> <span class="font-size-4">Checklist for SIEM Solution Evaluation</span></p>
<p>1. <strong>Log Collection</strong></p>
<ul>
<li>EPS (events per second) rate at which your IT infrastructure sends events should match with your SIEM tool</li>
<li>Should be able to collect logs from heterogeneous sources (Windows, Unix/Linux, Applications, Database, Network Devices ,Firewalls, IPS, IDS)</li>
<li>Capability of agent-less and agent based log collection method</li>
</ul>
<p>2. <strong>Real Time Event Correlations</strong></p>
<ul>
<li>Proactively dealing with threats based on log search, rules and alerts. Correlation boosts network security by processing millions of events simultaneously to detect anomalous events on the networks</li>
</ul>
<p>3. <strong>Log Retention</strong></p>
<ul>
<li>Capability to easily retrieve and analyze log data</li>
<li>Should automatically archive all log data from systems, devices and applications to a centralized repository.</li>
</ul>
<p>4.<strong> IT Compliance Reports</strong></p>
<ul>
<li>Out of box regulatory compliance of PCI DSS, ISO 27001, SOX, HIPAA etc</li>
</ul>
<p>5. <strong>User Activity Monitoring</strong></p>
<ul>
<li>Out of box user activity monitoring, privileged user monitoring, audit reporting, Know which user performed the action, what was the result of the action. Source & destination address of the systems /devices used.</li>
</ul>
<p>6. <strong>File Integrity Monitoring</strong></p>
<ul>
<li>Capability to monitor business critical files & folders. </li>
<li>Capture details of when files were created, accessed, viewed, deleted, modified, renamed etc.,</li>
</ul>
<p>7. <strong>Log Forensics</strong></p>
<ul>
<li>Capability to track down a intruder or event activity using log search capability</li>
</ul>
<p>8. <strong>Dashboards</strong></p>
<ul>
<li>Capability to take timely actions & right decisions during network / system anomalies</li>
</ul>
<p>9. <strong>Global Threat Intelligence Feeds</strong></p>
<ul>
<li>Capability to get latest global threat intelligence feeds & carrier grade threat intelligence so as to proactively manage threats. Collaboration among organizations to enhance security </li>
<li>Precise solutions for compromised systems and networks</li>
</ul>
<p>10. <strong>Big Data Analytics</strong></p>
<ul>
<li>Capability to forecast threats using big data, Accurate analysis of structured as well as unstructured data</li>
<li>Constant intelligence gathering to strengthen security</li>
</ul>
<p> </p>
<p>-<em>With Binu Chacko, Head of iSoc(Security Operations Center) & Digital Forensics, Reliance Jio Infocomm on 'SIEM Tools: Implementation Guide and Vendor Evaluation Checklist'</em></p>
<p>(Read more: <strong><a href="http://www.cisoplatform.com/profiles/blogs/checklist-pci-dss-implementation-certification">Checklist for PCI DSS Implementation & Certification</a>)</strong></p></div>