Anjar Priandoyo

Daily Notes

Posts Tagged ‘Security’

IT Security Products


I think IT Security is one of the most complicated product areas in the IT domain. First, it has an anti-monopoly character: unlike software or infrastructure, which can create very large companies, security products tend to be locally customized (think of the many antivirus companies today). Second, it also requires a large internal professional services team, unlike software vendors, which can act as principals. Third, product naming is not standardized at all; vendors can claim that their product has specific capabilities.

For example, for multi-factor authentication and the zero-trust security philosophy:

CyberArk PAM: Privileged Access Management (PAM) / Privileged Identity Management
Duo Mobile: Two-Factor Authentication & Endpoint Security (part of Cisco since 2018)

Two-factor, agent-based: Okta, Gemalto, RSA
Agentless: Silverfort

Okta: identity and access management; Okta’s services are built on top of the Amazon Web Services cloud.


Written by Anjar Priandoyo

July 17, 2020 at 4:21 pm

Posted in Science

Information Security


Client concern on price (e.g. instead of buying a package (software + hardware), they prefer to buy the items separately).
Client concern on its unique characteristics (e.g. 70% of its software is developed in-house).

Extended detection and response (XDR) delivers visibility into data across networks, clouds, endpoints, and applications while applying analytics and automation to detect, analyze, hunt, and remediate today’s and tomorrow’s threats.

EDR: Endpoint Detection and Response
NTA: Network Traffic Analysis
SIEM: Security Information and Event Management

SOAR (security orchestration, automation, and response) platforms are similar to SIEMs in that they aggregate, correlate, and analyze alerts. However, SOAR technology goes a step further by integrating threat intelligence and automating incident investigation and response workflows based on playbooks developed by the security team.

EPP: Endpoint protection platform

Cloud Access Security Broker (CASB) acts as an intermediary between cloud providers and cloud consumers to enforce an organization’s security policies for cloud application access and usage.

A next-generation firewall (NGFW) is a network security device that provides capabilities beyond a traditional, stateful firewall. While a traditional firewall typically provides stateful inspection of incoming and outgoing network traffic, a next-generation firewall includes additional features like application awareness and control, integrated intrusion prevention, and cloud-delivered threat intelligence.

ServiceNow is a Platform-as-a-Service provider that delivers technical management support, such as IT service management, to the IT operations of large corporations, including help desk functionality. ServiceNow develops a cloud computing platform to help companies manage digital workflows for enterprise operations.

IBM QRadar is an enterprise security information and event management (SIEM) product. It collects log data from an enterprise, its network devices, host assets and operating systems, applications, vulnerabilities, and user activities and behaviors.

High availability (HA) is a characteristic of a system which aims to ensure an agreed level of operational performance, usually uptime, for a higher than normal period.

High-availability clusters (also known as HA clusters, fail-over clusters or Metroclusters Active/Active) are groups of computers that support server applications that can be reliably utilized with a minimum amount of down-time.

High availability of virtual machines (VMs) is a critical requirement for enterprises running their key workloads.

Virtual Machine HA (VM HA) implements high availability at the hypervisor level by replicating and restarting full virtual machines, while Application HA implements high availability at the application level by replicating only application data and restarting the application.

Nutanix, Inc. is a cloud computing company that sells hyper-converged infrastructure (HCI) software, cloud services (such as Desktops as a Service, Disaster Recovery as a Service, and cloud monitoring), and software-defined storage.

Hyper-converged infrastructure (HCI) is a software-defined IT infrastructure that virtualizes all of the elements of conventional “hardware-defined” systems. HCI includes, at a minimum, virtualized computing (a hypervisor), software-defined storage and virtualized networking (software-defined networking). HCI typically runs on commercial off-the-shelf (COTS) servers. The primary difference between converged infrastructure (CI) and hyper-converged infrastructure is that in HCI, both the storage area network and the underlying storage abstractions are implemented virtually in software (at or via the hypervisor) rather than physically, in hardware. Because all of the software-defined elements are implemented within the context of the hypervisor, management of all resources can be federated (shared) across all instances of a hyper-converged infrastructure.

Hyper-converged infrastructure (HCI) combines common datacenter hardware using locally attached storage resources with intelligent software to create flexible building blocks that replace legacy infrastructure consisting of separate servers, storage networks, and storage arrays.

Written by Anjar Priandoyo

May 15, 2020 at 11:52 am

Posted in Science

Access Control: Identity and Access Management


Customer (or consumer) identity and access management (CIAM) is a subset of the larger concept of identity and access management (IAM). IAM itself is a concept within Role-Based Access Control (RBAC). Several of the most popular CIAM products are Ping Identity, WSO2 Identity Server, 1Password, LastPass, and Okta, as well as ForgeRock Access Management and ForgeRock Identity Gateway.

ISO/IEC 24760-1 A framework for identity management—Part 1: Terminology and concepts
ISO/IEC 24760-2 A Framework for Identity Management—Part 2: Reference architecture and requirements
ISO/IEC DIS 24760-3 A Framework for Identity Management—Part 3: Practice
ISO/IEC 29115 Entity Authentication Assurance
ISO/IEC 29146 A framework for access management
ISO/IEC CD 29003 Identity Proofing and Verification
ISO/IEC 29100 Privacy framework
ISO/IEC 29101 Privacy Architecture
ISO/IEC 29134 Privacy Impact Assessment Methodology


Written by Anjar Priandoyo

May 4, 2020 at 4:26 pm

Posted in Science

Information Security Technologies


Information Security is a complex field: it involves Process (where more people are involved, e.g. review, audit) and Technology (where fewer people are involved, e.g. substantive log review). In my experience, I work more with Process than Technology, but actually the boundary between the two is blurred.

Information Security is also complex because it is closely related to the Information Operations field. Log Monitoring vs Log Management vs (Data) Log Analytics: the same technology can be used for different purposes, e.g. a negative security purpose (identifying a security breach) vs a positive one (gaining patterns of user activity, such as understanding user buying behaviour).

For example, Splunk, Mint and Elasticsearch (the ELK stack: Elasticsearch, Logstash, Kibana) can be considered as different tools with totally different purposes:
– Web Analytics Tools
– Log Management and Analytics
– Information Retrieval Libraries
– Search Engine & Content Analytics
– Big Data

Just think of WordPress, which can be used as a blog, an e-commerce site or even a discussion forum.

Note:
Qualys: Vulnerability Management, Cloud Security
Kibana: Data visualization dashboard for Elasticsearch.

NIST Cybersecurity Framework v1.1 (2014/2018)
NIST SP 800-53 Rev. 4
ISA 62443-3-3:2013

Cybersecurity assurance standards

Product assurance:
– ISO/IEC 15408, Common Criteria
– ISO/IEC 19790, Security requirements for cryptographic modules (similar to NIST FIPS 140-2)
– ISO/IEC TR 19791, Security assessment of operational systems

Process assurance:
– ISO/IEC 21827, SSE capability maturity model (SSE-CMM®)
– ISO/IEC 17799, Code of practice for information security management
– COBIT – Control objectives for information and related technology
– draft ISA S99 standards: Concepts and process guidance

Quality assurance: ISO 9000
Environment assurance: ISO 14000

IEC 62443: Industrial Network and System Security

Written by Anjar Priandoyo

May 2, 2020 at 7:38 am

Posted in Science